Developers and HIPAA

Developers and HIPAA

Data Masking in EMR

Data masking or controlled access provides a means for patients to control disclosure of select information within the EHR. http://www.nature.com/gim/journal/v10/n7/pdf/gim200876a.pdf Can patients request that access to sensitive data be controlled? Can patients request that only certain people can access their PHI? Can they request an audit of how their data has been shared by a covered entity? If so, do (or should) ...more »

Submitted by
Add your comment

Who are your customers? Check all that apply : General Public

What is your organization? : Consumer advocacy organization

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

Nonprofit Emergency Medical Services

Is a nonprofit EMS company (501c3) required to have a notice of privacy practices if it is an emergency response group? What aspects of HIPAA are applicable to a nonprofit EMS group?

Submitted by
Add your comment

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Not for profit

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

Cyberinsurance evaluation and options

Does OCR recommend any guides to developers to help them evaluate different kinds of cyberinsurance policies and to determine what types and levels of insurance are needed depending on the application they have developed and for general company compliance?

Submitted by
Add your comment

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company, Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

Implementations with external services & Testing

When implementing external services with clients (such as exposing an API to external clients), are there any HIPAA rules/regulations around testing the implementation in a non-prod environment before going live in production? Are there any concerns with PHI or security with testing an implementation (of say an API with an external client) directly in a production environment?

Submitted by
Add your comment

Who are your customers? Check all that apply : Other

What is your organization? : Other

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

Which video chat apps are HIPAA-compliant?

Is Skype or any other video chat app HIPAA-compliant? Which video chat apps can currently be used for telehealth treatment activities involving general physicians or involving mental health professionals?

Submitted by
1 comment

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Attorney/other compliance consultant

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Are We a Covered Entity?

A business associate provides no medical advice, medical services, medical devices, etc. But it talks to patients of the covered entity. Those patients tell the business associate what prescriptions they have for prescription drugs and when they must be refilled. The business associate faxes the refill request to the pharmacy. Does that make the business associate a covered entity?

Submitted by
2 comments

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Attorney/other compliance consultant

Voting

1 vote
1 up votes
0 down votes
Answered Questions

Developers and HIPAA

Unencrypted PHI in the Cloud

From Kevin Wiggins, Saul Ewing: If a CE puts PHI on the Cloud and later terminates that Cloud as a service provider, there is inevitably some data remanence, thus leaving PHI on the Cloud. NIST Special Publication 800-80 addresses this by suggesting CEs use crypto-erase. What if the CE previously sent unencrypted PHI to the Cloud? Is it as simple as extending the protections of the contract to the information and ...more »

Submitted by
2 comments

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Attorney/other compliance consultant

Voting

1 vote
1 up votes
0 down votes
Answered Questions

Developers and HIPAA

Provider suggested use of an App - there is a breach

A provider or a wellness management company, which are both subject to HIPAA because they collect and house PHI. If that provider or wellness provider suggest to a patient that they use an app (the app was not developed for them and there has been no communication with the app company that the providers are going to use the app) to gather health data to share with them and the app company suffers a breach of information. ...more »

Submitted by
1 comment

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other

What is your organization? : Trade association

Voting

1 vote
1 up votes
0 down votes
Answered Questions

Developers and HIPAA

BA Contracts between 2 BAs providing services to CE

Is a BA Contract required between a BA providing PHI to another BA of a CE? (for example, a CE requests their EHR vendor to send PHI to a data analytics firm OR a CE requests a data analytics firm to send PHI to another vendor doing work on the CE's behalf)?

Submitted by
Add your comment

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Small company, For profit, Attorney/other compliance consultant

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Are we HIPAA compliant distributed team.

We are a small startup team that is distributed nationwide. To date everyone has used their own personal computers to login into work email, etc. Is it a requirement that we purchase and make all of our employees use only their work computers for development and access to our db? It's understood that we need a robust password policies and defined lists of who has access to any sensitive data where ever they may be.

Submitted by
Add your comment

Who are your customers? Check all that apply : Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps)

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Cellular Voice HIPAA Compliant

I'm wondering if Verizon Home Phone connect with a analog phone hooked up to is violates HIPAA in any way. I'm more concerned about cellular technology VS POTS. There is no data transmission only voice.

Submitted by
Add your comment

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Government

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

BAAs with Vendors and Providers

If a company has a business associate agreement (BAA) with an electronic medical record (EMR) vendor, does that company also have to sign a BAA with each health care provider or provider group using that EMR in addition to their existing BAA with the vendor?

Submitted by
Add your comment

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

1 vote
1 up votes
0 down votes