kudos icon +

Developers and HIPAA

Does my app need to be Hippa compliant?

I'm developing a calculator type app for a friend of mine who works at a skilled nursing facility.

She works as a therapist and regularly needs to split the total amount of time she needs to work with her patients into multiple sessions, often switching back and forth between patients. I'm developing the app to automate the task of her writing down when she starts and ends each session with each of per patients... and... more »

Voting

2 votes
2 up votes
0 down votes
kudos icon +

Developers and HIPAA

Wearables provided by covered entity

I believe this question is covered in the developer guidance (page 3), but as this document is 3+ years old, I was trying to determine if further guidance is available or if anything has changed with the decisions.

We provide patient monitoring services to covered entities and enter into contracts/BAA's with them. One of these physicians is interested in providing a wearable tracker to his patients - the wearable would... more »

Voting

1 vote
1 up votes
0 down votes
kudos icon +

Developers and HIPAA

Are all cookies considered identifiable?

One of our physicians requested the use of a website which requires a patient to create an account, then the physician can add medical information about that individual, so the individual can then filter an e-commerce platform to make purchases that are consistent with their medical conditions. As we would be offering the service to patients and uploading the PHI, this would fall under a business associate relationship.... more »

Voting

1 vote
1 up votes
0 down votes
kudos icon +

Developers and HIPAA

HTTPS Communication for HIPAA Compliant API

Hi,

 

We are trying to send medical data from clinics to an Amazon S3 service via an https connection (using an API). The S3 is configured with a policy for complying with HIPAA guidelines. The question I have is - If https communication to S3 is implemented with complying encryption standards, is the solution to transport data HIPAA compliant?

 

Regards,

Nitin

Voting

2 votes
2 up votes
0 down votes
kudos icon + Implemented

Developers and HIPAA

How should developers execute audit logging?

Right now, developers expend a lot of time and resources (including the cost of data storage) on audit logging but don’t have assurance that they are in compliance. Could HHS provide an open source library of code to help developers understand how to execute audit logging.

Voting

4 votes
5 up votes
1 down votes
kudos icon 1 Implemented

Developers and HIPAA

Can HIPAA address patient generated data?

Developers need better guidance around patient generated health data, since HIPAA focusses on one-way data sharing from a provider/other covered entity outward to the patient/other entity. In the future, more and more data will be flowing in the opposite direction, and there should be guidance to clarify that HIPAA should not prevent the flow of information from the patient back to the provider.

Voting

6 votes
6 up votes
0 down votes
kudos icon + Implemented

Developers and HIPAA

Help with business associate agreements

There is a lack of transparency around the content of Business Associate Agreements (BAAs), a lack of sample BAA language around the topics developers care about, such as cloud storage & PGHD, and a lack of bargaining power on the part of startups. This has led to many challenges for the industry, resulting in high legal fees which may be a barrier to entry for many companies. HHS should issue sample BAA language around... more »

Voting

5 votes
5 up votes
0 down votes
kudos icon + Implemented

Developers and HIPAA

What part of the environment has to be compliant?

Does the entire environment need to be HIPAA compliant, or is it possible that the solution could fall into an exception to HIPAA, or can they use an API to store certain kinds of data? If you’re building modern technologies, you’re relying on a lot of third party (likely API) based services; mostly cloud based services. So which aspects of those need to be compliant?

Voting

5 votes
5 up votes
0 down votes
kudos icon + Implemented

Developers and HIPAA

Cloud computing

Developers need better guidance around cloud storage/computing and the Security Rule. Client-server architecture is no longer relevant in many cases. Health technology companies are typically now 100 percent cloud-based. Many clients are doing some type of data analytics work, or offer cloud-based EHRs and medical devices. HHS should provide good guidance for companies that are cloud based and virtual. Most companies... more »

Voting

3 votes
3 up votes
0 down votes