Developers and HIPAA

'Medical Info' field in attendance mobile app

We are working on a mobile app that tracks attendance for fitness instructors/martial arts schools. Instructors can create classes and save their students in them. Part of the data entered for a student includes a field called Med Info, which would be along the sorts "Has asthma" or "Allergic to peanuts" just to give general examples. This is done so instructors can be prepared and aware of any health conditions with... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Web app records meds, but not identifiable to patient.

I'm working on a free web application for use by healthcare providers that tracks the usage of antibiotics. I intend to make the application available to anyone as a tool without entering into any formal agreements. The tool would track such information as: facility census, medication name, dosage, date given, etc. patient age, gender, height, weight, etc. The tool would NOT use identifying information such as name,... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

HIPAA and FHIR

The introduction of FHIR to the 2015 CEHRT has opened the door for 3rd party applications to receive patient health information directly from an EHR without an agreement in place between the health care provider or the EHR vendor. Even though the patient has selected it, shouldn't the 3rd party app be responsible for the protection of the patient's health information and be held to the same standards as the EHR vendor?... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

HIPAA and FHIR

The introduction of FHIR to the 2015 CEHRT has opened the door for 3rd party applications to receive patient health information directly from an EHR without an agreement in place between the health care provider or the EHR vendor. Even though the patient has selected it, shouldn't the 3rd party app be responsible for the protection of the patient's health information and be held to the same standards as the EHR vendor?... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Implementations with external services & Testing

When implementing external services with clients (such as exposing an API to external clients), are there any HIPAA rules/regulations around testing the implementation in a non-prod environment before going live in production? Are there any concerns with PHI or security with testing an implementation (of say an API with an external client) directly in a production environment?

Voting

0 votes
0 up votes
0 down votes