Developers and HIPAA

Surveillance Cameras and HIPAA

The mental health organization I am working with wants to install cameras in an area where people receive services (so they are identified by face and as being in need of the service provided). The organization will have an app to monitor camera activity etc but they want an existing telecommunications company to install and maintain the cameras and the video/images. The company they have chosen has never and will not... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

How to handle old emails

I'm a web designer and have a client who has recently become hipaa compliant concerning his handling of email. He needed me to search his old emails from about 6 years ago for a certain file. Though he no longer uses that email address, the emails were still in webhosts database, and they were never hipaa compliant. He was wondering if he should just delete those old emails, since they are not hipaa compliant we thought... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Facility Directories

Can someone elaborate on what is allowed for facility directories under 164.510? The regulations say the directory can give the recipient the location of the patient (assuming all other requirements are met)? Can a covered entity (or its business associate) also give directions to the location? Can those directions be transmitted electronically (e.g., via e-mail or otherwise) to someone who asks for the patient by name... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

online social communities sponsored by a covered entity

We are a covered entity, and developing an online education program for a medical condition. Only registered/approved users are able to join view pages. So it may be assumed that a user has the medical condition, but the site does not require that users identify themselves to others. Users will have the option to enter PHI in a secured profile (hipaa compliant...), but can elect not to enter any info. The users will... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Is a state-run MMJ registry a covered entity?

Is a state-run medical marijuana patient registry a covered entity? The Florida registry includes identifiable patient personal information and MMJ "prescription" information that is passed from the physician, to the DOH, to dispensing retail locations. Any physician, law enforcement officer, or retail location employee can find and view any patient's information. Here is the Florida physician user manual: http://www.flhealthsource.gov/ommu/forms/registry-user-guide-physician.pdf... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

How granular should logs be in saving access-to-PHI events?

As a software developer in the role of business associate I have read about what needs to be captured and stored by software that handles PHI for a covered entity. To be a good vendor, we want to provide our customer the requisite log data about user credentialing (adds, permissions, changes, disables, deletes), and about PHI activity within our software product. We currently log all changes to PHI made by our product.... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

On Premise Interface Software Developer and Consulting and BAA's

I work for a software manufacturer that produces software that interfaces our customers various clinical systems to their EHR's and other applications. We do not store, maintain, transmit or manage PHI for our customers. We do configure their HIT interfaces that manage, transmit and modify PHI. Our technicians also routinely see PHI as they are helping customers troubleshoot issues and perform configuration changes.... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Health Information Systems and HIPAA Compliance

We're a non profit organisation seeking to deploy an open-source health management application for use. We classify as a Business Associate as we provide services for a health care provider under HIPAA. We urgently need to know what exactly are the requirements a health information system needs to meet in order to satisfy HIPAA. It would be helpful to know if there's some document or checklist to work with. We'd also... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

HIPAA Program Compliance Manger

This was addressed on your old FAQ page for a number of years and it seems to have disappeared. Can "open format" postcards still be used to remind patients of upcoming appointments as long as HIPAA's minimum necessary standard is observed? Something like, "Dear Sue, We would like to remind you of your upcoming appointment on Tuesday, September 12th at 2:20 pm"?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Which Dates are considered PHI?

Assuming all other identifiers are removed from the data, which dates are considered PHI? The de-identification standard for safe harbor indicates the following must be removed: "(C) All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 and all elements of dates (including year) indicative of such... more »

Voting

1 vote
1 up votes
0 down votes