#infiniteScrollFallBackButton("load-previous-ideas", $pagerUrlFactory.getURL($pagerContext.getPreviousPage().getCurrentPageIntNumber()), $l.msg("ideas.load.previous"))

Developers and HIPAA

New to Hippa

Can someone assist me? We are working with a client of ours who would like us to create a billing application that will be a web based system. It will deal with patient and insurance carrier data. Where do we start? What do we need to do when building the about? Technical? What do we need to do from administration side? We will be dealing with UB-04 for billing.

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Facility Directories

Can someone elaborate on what is allowed for facility directories under 164.510? The regulations say the directory can give the recipient the location of the patient (assuming all other requirements are met)? Can a covered entity (or its business associate) also give directions to the location? Can those directions be transmitted electronically (e.g., via e-mail or otherwise) to someone who asks for the patient by name... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

HTTPS Communication for HIPAA Compliant API

Hi,

 

We are trying to send medical data from clinics to an Amazon S3 service via an https connection (using an API). The S3 is configured with a policy for complying with HIPAA guidelines. The question I have is - If https communication to S3 is implemented with complying encryption standards, is the solution to transport data HIPAA compliant?

 

Regards,

Nitin

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Teaching Hospitals and HIPAA Privacy

I work for a University medical school that employs physicians as faculty and who teach at the hospital. I would like to know more about how far the ability access patient's records for educational purposes reaches. For example, if a Radiologist faculty member treated several patients with interesting or notable conditions and wanted to use the films as a teaching guide for residents, then what guidance or protocols... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

HIPAA Training

Employees of a Business Associate must be trained on the basics of HIPAA. Startups and emerging companies want to ensure that the training their employees receive meets the standards expected by OCR. Similar to the practices of OSHA, can OCR provide a standardized training program on key HIPAA issues?

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Risk Assessment Tool

Small companies and Business Associates are eager to meet their security requirements under HIPAA. Many smaller B.A.s have stated that they are unable to use the current security risk assessment tool because they believe it is needlessly cumbersome, redundant, and designed for Covered Entities. Do you recommend that Business Associates start to use private tools instead of the current tool for risk assessments? If so,... more »

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Logging Activity within an Application

In order to be HIPAA compliant, should all activity that occurs with in an app be logged, or should activity that exceeds the normal threshold be logged? For instance, users that access information in the application routinely during the course of their work day will evince a regular level of activity. The activity will indicate routine access of sensitive information. Should the log contain all of the users activity,... more »

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

HIPAA E-Signature Requirements

We are a small organization starting up a tele-health initiative. We would like to deliver a copy of our Notice of Privacy Practices electronically and have patients acknowledge receipt via check box prior to completing our online intake forms. This method is used for acceptance when one downloads software online. We are having a difficult time understanding the requirements for this. Can it be a check box and/or typed... more »

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Scanning and Penetration Testing

Do entities need to run internal and external vulnerability scanning be HIPAA compliant? Do entities have to run penetration tests to ensure compliance? Reading §164.312(e)(2)(i) it seems that 'security measures' could include these tests, but does not specify a requirement for it. Additionally, a risk analysis could identify that these services would help to reduce the risk, threats and vulnerabilities in-scope systems,... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

App Customization

A consumer focused app receives a request from one of its users, a hospital, for a customization of the product. The customization is created in response to the user request and treated the same as other requests. The app developer then makes it available to their entire user base, not just the requester, and no fee is paid. Does this make the app developer a business associate of the covered entity?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Connected Device Maintenance via App

A physician provides their patient with a medical device (like a CPAP or Glucose Meter). The company that created the medical device wants to monitor the maintenance of the machine. All of the information collected by the device that is sent to the physician is covered under a business associate agreement. Can the company that created the medical device receive information about the maintenance/operation of the device... more »

Voting

6 votes
6 up votes
0 down votes

Developers and HIPAA

Clarify the definition of PHI for online consumer interactions

I see a great deal of variation from organization to organization on what constitutes PHI in the digital realm. I have several scenarios that I'd like your thought on: - Is public website browsing behavior considered PHI as is suggested in the current Winston Smith V. Facebook case (http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=2175&context=historical)? This could impact a number of common services used... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

What does "on behalf of a covered entity mean"

What triggers acting "on behalf of a covered entity", A, or B, or other? A. A covered entity uses your app (you are not paid or have signed a BA; they just go online and use it). B. Getting hired by them. We have an app that patients and providers use for chronic disease management. Does not integrate with EHR. Patients enter their progress and providers review it and can message back and forth. We think we are not... more »

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Hospital Outpatient Pharmacy Notice of Privacy Practices

If a patient acknowledges receipt of a Notice of Privacy Practices when admitted to a Hospital, does the Hospital-owned outpatient pharmacy using the same electronic software have to provide a second Notice and obtain patient acknowledgement again? Can the original notice cover all outpatient departments under Hospital ownership?

Voting

3 votes
3 up votes
0 down votes
#infiniteScrollFallBackButton("load-next-ideas", $pagerUrlFactory.getURL($pagerContext.getNextPage().getCurrentPageIntNumber()), $l.msg("ideas.load.more"))