Developers and HIPAA

Ransomeware Attack

I just heard that a practice in our area had a ransomware attack. Based upon their investigation their manager stated that the hacker did not get access to the PHI data and therefore did not need to report to patients or the Dept. of HHS. I question their judgement since I'm not certain if they can tell even tell if the only thing the hacker did was lock them out access to their patient PHI and didn't also create an ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, Health plans or health care providers

What is your organization? : Small company, Attorney/other compliance consultant

Voting

-1 votes
0 up votes
1 down votes

Developers and HIPAA

Nonprofit Emergency Medical Services

Is a nonprofit EMS company (501c3) required to have a notice of privacy practices if it is an emergency response group? What aspects of HIPAA are applicable to a nonprofit EMS group?

Submitted by

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Not for profit

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

Cyberinsurance evaluation and options

Does OCR recommend any guides to developers to help them evaluate different kinds of cyberinsurance policies and to determine what types and levels of insurance are needed depending on the application they have developed and for general company compliance?

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company, Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

Implementations with external services & Testing

When implementing external services with clients (such as exposing an API to external clients), are there any HIPAA rules/regulations around testing the implementation in a non-prod environment before going live in production? Are there any concerns with PHI or security with testing an implementation (of say an API with an external client) directly in a production environment?

Submitted by

Who are your customers? Check all that apply : Other

What is your organization? : Other

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

BA Contracts between 2 BAs providing services to CE

Is a BA Contract required between a BA providing PHI to another BA of a CE? (for example, a CE requests their EHR vendor to send PHI to a data analytics firm OR a CE requests a data analytics firm to send PHI to another vendor doing work on the CE's behalf)?

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Small company, For profit, Attorney/other compliance consultant

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Cellular Voice HIPAA Compliant

I'm wondering if Verizon Home Phone connect with a analog phone hooked up to is violates HIPAA in any way. I'm more concerned about cellular technology VS POTS. There is no data transmission only voice.

Submitted by

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Government

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

BAAs with Vendors and Providers

If a company has a business associate agreement (BAA) with an electronic medical record (EMR) vendor, does that company also have to sign a BAA with each health care provider or provider group using that EMR in addition to their existing BAA with the vendor?

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Unencrypted Text without PHI?

Can a provider, or business associate acting on behalf of a provider, send an unencrypted text or email to a patient if the initial message does not contain protected health information and the patient requested the communication? If so, can the patient give the provider consent to use a third-party mailing service, even if the provider (or business associate of the provider) does not have a business associate agreement ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

EHR Role-Based Controls

What kind of limitations on role-based access does an EHR have to provide in order to comply with the “minimum necessary” standard? For example, if an employee only needs demographic or scheduling information to fulfill their job, does the EHR have to include mechanisms to prevent that employee from accessing other clinical information, or is having audit capability (combined with staff training and written policies) ...more »

Submitted by

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Attorney/other compliance consultant

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Desktop application for Videodermatoscopy

Godo morning, We are an Italian software house and we would like to commercialize our software for Videodermatoscopy in USA. Before that we would be sure that our software is HIPPA compliant because it stores patient's health information such as: name, surname, address, phone number, information about health status and specific information about patient's diseasies, photos of the patient and its mole, therapies, etc.etc. ...more »

Submitted by

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Software developer not specific to health care

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

'Medical Info' field in attendance mobile app

We are working on a mobile app that tracks attendance for fitness instructors/martial arts schools. Instructors can create classes and save their students in them. Part of the data entered for a student includes a field called Med Info, which would be along the sorts "Has asthma" or "Allergic to peanuts" just to give general examples. This is done so instructors can be prepared and aware of any health conditions with ...more »

Submitted by

Who are your customers? Check all that apply : General Public

What is your organization? : Software developer not specific to health care

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

On Premise Interface Software Developer and Consulting and BAA's

I work for a software manufacturer that produces software that interfaces our customers various clinical systems to their EHR's and other applications. We do not store, maintain, transmit or manage PHI for our customers. We do configure their HIT interfaces that manage, transmit and modify PHI. Our technicians also routinely see PHI as they are helping customers troubleshoot issues and perform configuration changes. ...more »

Submitted by

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

1 vote
1 up votes
0 down votes