Developers and HIPAA

Text messaging and HIPAA

There is currently a lack of clarity about whether patient consent to communicate via (unencrypted) SMS is adequate to protect covered entities from HIPAA concerns. HHS (and medical research) has released data supported use of non-encrypted SMS, given its high accessibility to patients and its efficacy in achieving behavior change (e.g. medication compliance, smoking cessation). Many covered entitites feel that this ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), General Public, Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit, Developer working on homegrown apps within a health care setting

Voting

21 votes
21 up votes
0 down votes

Developers and HIPAA

PHI request through SMS from provider

I understand there is some ambiguity regarding providers communicating PHI with patients, and I'm having some trouble interpreting how it applies to me. My provider developed software to engage patients via unencrypted SMS. My provider's medical practitioners will determine a patient is in need of monitoring and will develop or reuse a workflows to regularly request defined PHI from patients--such as diastolic and systolic ...more »

Submitted by

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit

Voting

9 votes
9 up votes
0 down votes

Developers and HIPAA

Is a BAA required with SMS service

If my provider is communicating PHI and non-PHI with patients through a 3rd party SMS service, such as Twilio, would my provider be required to sign a BAA with an SMS service company or such a company be classified as a conduit? We are sending encrypted data to the SMS service which is then sending unencrypted SMSs to patients. Patients can then potentially respond to those SMSs via unencrypted SMS which would be directed ...more »

Submitted by

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit

Voting

5 votes
5 up votes
0 down votes

Developers and HIPAA

HIPAA Compliant Forms

I am in the process of working with a hospital that is using a marketing software product to integrate forms into a new website project. We have recently got into the discussion regarding HIPAA compliance. It turns out the product's forms are not HIPAA compliant. With that being said the information being captured by these forms on the site are not intended to be capturing medical information. The purpose of these forms ...more »

Submitted by

Who are your customers? Check all that apply : General Public, Patients/Individuals/Consumers

What is your organization? : Small company

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

EHR software partners uses third party API

Our EHR solution is partnering with another health related software company with a cloud based API product to provide additional solutions for providers. This is a seamless connection. Some PHI would be stored on the API cloud based system while our EHR would also store PHI either on the client server or the cloud. I have several questions. I am assuming that the business associate between our clients/providers ...more »

Submitted by

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform, EHR vendor, Cloud service provider

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

Chat requirements

Are there any specific requirements that we should keep in mind when putting together a solution to provide PHI to a customer via a chat channel? Would it even be feasible? Assuming customer is identified (previously registered or asked to provide dob or some personal information

 

Thanks

Submitted by

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Developer working on homegrown apps within a health care setting

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

Connected Device Maintenance via App

A physician provides their patient with a medical device (like a CPAP or Glucose Meter). The company that created the medical device wants to monitor the maintenance of the machine. All of the information collected by the device that is sent to the physician is covered under a business associate agreement. Can the company that created the medical device receive information about the maintenance/operation of the device ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

web based CASE Management Tool

I have a web application that allows a patient and a doctor to create an account. the patient can upload his medical history and associate scanned files to his account. the patient then selects a doctor within the web application and invites him to have a look at his case files. we are hosting this on a hipaa compliant environment under a BAA agreement. I am the only administrator who manages the system and I manage ...more »

Submitted by

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

Hospital Outpatient Pharmacy Notice of Privacy Practices

If a patient acknowledges receipt of a Notice of Privacy Practices when admitted to a Hospital, does the Hospital-owned outpatient pharmacy using the same electronic software have to provide a second Notice and obtain patient acknowledgement again? Can the original notice cover all outpatient departments under Hospital ownership?

Submitted by

Who are your customers? Check all that apply : General Public, Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

EHR Continuity in Care

Private Practice Physicians have the opportunity by contracting with a large health care entity to get into electronic health records EHR. In wanting to satisfy the continuum of care one practice can see any treatment provided by another provider for their patient. They can access diagnostics within the health care entities network. All good things! My concern, though users sign off on a confidentiality agreement ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, Health plans or health care providers

What is your organization? : Small company, Attorney/other compliance consultant

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Does HIPAA extend to untethered PHRs?

A software company (e.g. a startup) develops an untethered PHR that is offered directly to the patient (consumer). The patient then authorizes PHR to "request" and "pull" (on behalf of patient) all records from all portals offered by healthcare provider EHRs (e.g. by Epic (MyChart), Cerner,...etc). The PHR gets access to all portals using logon credentials provided by the patient (e.g. patient provides all usernames and ...more »

Submitted by

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Providers feed PHI to your system, does this mean you are a BA?

You have an app to manage chronic care that is primarily driven by the patient and requires patient persmission to share any data, but where providers can enter some data, such as messages, or some information related to the patient's medication. The system is offered independently from a covered entity. Just because providers enter some PHI in the system, are you seen as a BA covered, or you are not a BA as long as ...more »

Submitted by

Who are your customers? Check all that apply : Other

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company

Voting

3 votes
3 up votes
0 down votes