Developers and HIPAA

Text messaging and HIPAA

There is currently a lack of clarity about whether patient consent to communicate via (unencrypted) SMS is adequate to protect covered entities from HIPAA concerns. HHS (and medical research) has released data supported use of non-encrypted SMS, given its high accessibility to patients and its efficacy in achieving behavior change (e.g. medication compliance, smoking cessation). Many covered entitites feel that this ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), General Public, Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit, Developer working on homegrown apps within a health care setting

Voting

20 votes
20 up votes
0 down votes

Developers and HIPAA

Risk Assessment Tool

Small companies and Business Associates are eager to meet their security requirements under HIPAA. Many smaller B.A.s have stated that they are unable to use the current security risk assessment tool because they believe it is┬áneedlessly cumbersome, redundant, and designed for Covered Entities. Do you recommend that Business Associates start to use private tools instead of the current tool for risk assessments? If so, ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

3 votes
3 up votes
0 down votes
Answered Questions

Developers and HIPAA

Developer and HIPAA

Assume you have a software company that will be using a smartphone application and related device to record and store arguably protected health information. 1. Assume the software company stores the information on its own servers. The company is not subject to HIPAA (privacy or security rules) because it isn't a covered entity or a business associate of a covered entity, correct? 2. Now assume that the software ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Attorney/other compliance consultant

Voting

2 votes
2 up votes
0 down votes
Answered Questions

Developers and HIPAA

Scanning and Penetration Testing

Do entities need to run internal and external vulnerability scanning be HIPAA compliant? Do entities have to run penetration tests to ensure compliance? Reading ┬ž164.312(e)(2)(i) it seems that 'security measures' could include these tests, but does not specify a requirement for it. Additionally, a risk analysis could identify that these services would help to reduce the risk, threats and vulnerabilities in-scope systems, ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Attorney/other compliance consultant

Voting

2 votes
2 up votes
0 down votes