Developers and HIPAA

Text messaging and HIPAA

There is currently a lack of clarity about whether patient consent to communicate via (unencrypted) SMS is adequate to protect covered entities from HIPAA concerns. HHS (and medical research) has released data supported use of non-encrypted SMS, given its high accessibility to patients and its efficacy in achieving behavior change (e.g. medication compliance, smoking cessation). Many covered entitites feel that this ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), General Public, Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit, Developer working on homegrown apps within a health care setting

Voting

21 votes
21 up votes
0 down votes

Developers and HIPAA

HIPAA Compliant Forms

I am in the process of working with a hospital that is using a marketing software product to integrate forms into a new website project. We have recently got into the discussion regarding HIPAA compliance. It turns out the product's forms are not HIPAA compliant. With that being said the information being captured by these forms on the site are not intended to be capturing medical information. The purpose of these forms ...more »

Submitted by

Who are your customers? Check all that apply : General Public, Patients/Individuals/Consumers

What is your organization? : Small company

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

Chat requirements

Are there any specific requirements that we should keep in mind when putting together a solution to provide PHI to a customer via a chat channel? Would it even be feasible? Assuming customer is identified (previously registered or asked to provide dob or some personal information

 

Thanks

Submitted by

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Developer working on homegrown apps within a health care setting

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

web based CASE Management Tool

I have a web application that allows a patient and a doctor to create an account. the patient can upload his medical history and associate scanned files to his account. the patient then selects a doctor within the web application and invites him to have a look at his case files. we are hosting this on a hipaa compliant environment under a BAA agreement. I am the only administrator who manages the system and I manage ...more »

Submitted by

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

Push Notifications

We have a communication platform where providers, patients, family members can connect and communicate securely. The patient can set their own preferences around how they receive notifications about types of messages, and from whom in the app. We would like to send the patient a push notification so they are aware there is a new message in the app. We can send a push notification that says" There is a new message in the ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Push Notifications

We have a communication platform where providers, patients, family members can connect and communicate securely. The patient can set their own preferences around how they receive notifications about types of messages, and from whom in the app. We would like to send the patient a push notification so they are aware there is a new message in the app. We can send a push notification that says" There is a new message in the ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Developer and HIPAA

Assume you have a software company that will be using a smartphone application and related device to record and store arguably protected health information. 1. Assume the software company stores the information on its own servers. The company is not subject to HIPAA (privacy or security rules) because it isn't a covered entity or a business associate of a covered entity, correct? 2. Now assume that the software ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Attorney/other compliance consultant

Voting

2 votes
2 up votes
0 down votes
Answered Questions

Developers and HIPAA

Scanning and Penetration Testing

Do entities need to run internal and external vulnerability scanning be HIPAA compliant? Do entities have to run penetration tests to ensure compliance? Reading ยง164.312(e)(2)(i) it seems that 'security measures' could include these tests, but does not specify a requirement for it. Additionally, a risk analysis could identify that these services would help to reduce the risk, threats and vulnerabilities in-scope systems, ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Attorney/other compliance consultant

Voting

2 votes
2 up votes
0 down votes
Answered Questions

Developers and HIPAA

Data Recording

I am a student creating an app for school project. I was wondering if I have to be HIPAA compliant. I am creating an app, where diabetics can store their glucose and calculate insulin dosage. None of the information will be sent to hospitals or physicians. How would HIPAA work in this case? Thank you ahead.

Submitted by

Who are your customers? Check all that apply : General Public

What is your organization? : Other

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Does the name of a Health Insurance company constitute PHI?

Does having identifiable information of a person and the name of the health insurance company they are enrolled in (or name of other covered entity) constitute a PHI record? 1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations? 2. Would a text message sent to an individual that includes the name of their ...more »

Submitted by

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Not for profit

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Does the name of a Health Insurance company constitute PHI?

Does having identifiable information of a person and the name of the health insurance company they are enrolled in (or name of other covered entity) constitute a PHI record? 1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations? 2. Would a text message sent to an individual that includes the name of their ...more »

Submitted by

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Not for profit

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Health Information Systems and HIPAA Compliance

We're a non profit organisation seeking to deploy an open-source health management application for use. We classify as a Business Associate as we provide services for a health care provider under HIPAA. We urgently need to know what exactly are the requirements a health information system needs to meet in order to satisfy HIPAA. It would be helpful to know if there's some document or checklist to work with. We'd also ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor)

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Developer working on homegrown apps within a health care setting, EHR vendor

Voting

2 votes
2 up votes
0 down votes