Developers and HIPAA

Push Notifications

We have a communication platform where providers, patients, family members can connect and communicate securely. The patient can set their own preferences around how they receive notifications about types of messages, and from whom in the app. We would like to send the patient a push notification so they are aware there is a new message in the app. We can send a push notification that says "There is a new message in the ...more »

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company

Voting

3 votes
3 up votes
0 down votes

Notifications

A NYS licensed facility providing addiction treatment services has been advised that when a patient has been referred for treatment by another entity (hospital, family agency, courts, etc.) notice that the patient has presented for treatment may not be given to the referring agency without the written permission of the patient. No other PHI would be provided other than the notification.

Is this true?

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit, Consumer advocacy organization

Voting

2 votes
2 up votes
0 down votes

PII and PHI

We make medical devices and sell to CEs through an independent sales team/resellers. Oftentimes where there are some issues with software that runs on devices -- the reseller obtains the corresponding record from CE and uploads to our Customer Support portal. This ticket can contain medical health information. As a device manufacturer are we required to adhere to HIPAA? We may get a few hundred such tickets from different ...more »

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor)

What is your organization? : Other

Voting

2 votes
2 up votes
0 down votes

App Customization

A consumer focused app receives a request from one of its users, a hospital, for a customization of the product. The customization is created in response to the user request and treated the same as other requests. The app developer then makes it available to their entire user base, not just the requester, and no fee is paid. Does this make the app developer a business associate of the covered entity?

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

2 votes
2 up votes
0 down votes

Data Recording

I am a student creating an app for a school project. I was wondering if I have to be HIPAA compliant. I am creating an app, where diabetics can store their glucose and calculate insulin dosage. None of the information will be sent to hospitals or physicians. How would HIPAA work in this case? Thank you ahead.

Who are your customers? Check all that apply : General Public

What is your organization? : Other

Voting

2 votes
2 up votes
0 down votes

J. Mark Tuthill, Division Head, Pathology Informatics

We have a question regarding a vendor that claims that they don't need a BAA as they are a "conduit" and are exception. Is there someone at the OCR that could help us adjudicate this problem?

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, ACO

Voting

2 votes
2 up votes
0 down votes

When is PHI de-identified?

We have developed a platform to facilitate the scheduling of transport/rides for patients to provider appointments. The process works as follows. The provider logs into a secure site, to schedule a ride to an appointment for a patient. The platform, at the appropriate time, sends information to a rider service provider (someone such as Lyft, Uber, etc.) to schedule the transport. The information provide the transport ...more »

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), For profit, Attorney/other compliance consultant

Voting

2 votes
2 up votes
0 down votes

Does the name of a Health Insurance company constitute PHI?

Does having identifiable information of a person and the name of the health insurance company they are enrolled in (or name of other covered entity) constitute a PHI record? 1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations? 2. Would a text message sent to an individual that includes the name of their ...more »

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Not for profit

Voting

2 votes
2 up votes
0 down votes

What does "on behalf of a covered entity" mean?

What triggers acting "on behalf of a covered entity", A, or B, or other? A. A covered entity uses your app (you are not paid or have signed a BA; they just go online and use it). B. Getting hired by them. We have an app that patients and providers use for chronic disease management. Does not integrate with EHR. Patients enter their progress and providers review it and can message back and forth. We think we are not ...more »

Who are your customers? Check all that apply : Other

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company

Voting

2 votes
2 up votes
0 down votes

Record, transfer and store mobile inbuilt sensor data

Hi, For a mobile chatbot health app that reads, transfers and stores (within and outside mobile phone in a cloud based server) sensor generated time series data of patients/consumers activities, events, etc., which includes all data that can be captured by a mobile phone's accelerometer, light, other sensors without patient/consumer intervention, can such sensor generated data be classified as personal identifiable information ...more »

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), General Public, Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company, For profit, Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

2 votes
2 up votes
0 down votes

HIPAA compliance with a task list from a provider?

I'm working on an app for a therapist to send a list of exercises to their patient's mobile device from their desktop for the patient to perform at home. The therapist can view if the patient is checking off their exercises and reporting their completion each day. No information is being transmitted in regards to the patient's diagnosis or condition, only the list of exercises to be performed at home and the patient's ...more »

Who are your customers? Check all that apply : Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company, For profit, Developer working on homegrown apps within a health care setting

Voting

2 votes
2 up votes
0 down votes

Health Information Systems and HIPAA Compliance

We're a non profit organisation seeking to deploy an open-source health management application for use. We classify as a Business Associate as we provide services for a health care provider under HIPAA. We urgently need to know what exactly are the requirements a health information system needs to meet in order to satisfy HIPAA. It would be helpful to know if there's some document or checklist to work with. We'd also ...more »

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor)

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Developer working on homegrown apps within a health care setting, EHR vendor

Voting

2 votes
2 up votes
0 down votes