
Developers and HIPAA

Web Based Portal HIPAA Requirements

If a DME supplier, vitamin supplier, text reminder application, auto payment system for patient accounts, or a website management company collects PHI data via a web portal, are they considered a Business Associate? For example, the company has created a web portal or downloadable software application that requires internet access, with fields that collect data, and that data helps the provider manage patient custom...

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Text messaging and HIPAA

There is currently a lack of clarity about whether patient consent to communicate via (unencrypted) SMS is adequate to protect covered entities from HIPAA concerns. HHS (and medical research) has released data supporting the use of non-encrypted SMS, given its high accessibility to patients and its efficacy in achieving behavior change (e.g. medication compliance, smoking cessation).

Many covered entities feel that this...

Voting

23 votes
23 up votes
0 down votes

Developers and HIPAA

Desktop application for Videodermatoscopy

Good morning,

We are an Italian software house and we would like to commercialize our software for Videodermatoscopy in the USA.
Before that we would like to be sure that our software is HIPAA compliant because it stores patients' health information such as: name, surname, address, phone number, information about health status and specific information about the patient's diseases, photos of the patient and their mole, therapies, etc....

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

'Medical Info' field in attendance mobile app

We are working on a mobile app that tracks attendance for fitness instructors/martial arts schools. Instructors can create classes and save their students in them. Part of the data entered for a student includes a field called Med Info, which would be along the lines of "Has asthma" or "Allergic to peanuts", just to give general examples. This is done so instructors can be prepared and aware of any health conditions with...

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

On Premise Interface Software Developer and Consulting and BAAs

I work for a software manufacturer that produces software that interfaces our customers' various clinical systems to their EHRs and other applications. We do not store, maintain, transmit or manage PHI for our customers. We do configure their HIT interfaces that manage, transmit and modify PHI. Our technicians also routinely see PHI as they are helping customers troubleshoot issues and perform configuration changes....

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Web app records meds, but not identifiable to patient.

I'm working on a free web application for use by healthcare providers that tracks the usage of antibiotics. I intend to make the application available to anyone as a tool without entering into any formal agreements. The tool would track such information as:
facility census,
medication name, dosage, date given, etc.
patient age, gender, height, weight, etc.

The tool would NOT use identifying information such as name,...

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

HIPAA Compliance with third party

Hi,

I am wondering regarding the need to have a BAA with suppliers that do not store medical data but have data that can lead to medical information, like IAM cloud services or services for password management (LastPass or 1Password).

There is no medical information that I transfer, but I store the user and password to my Medical DB, for instance.

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Does remote access Healthcare provider require HIPAA compliance

We provide support to a healthcare provider while accessing server and clients.

The healthcare server DB stores ePHI (Only medical record number).

As part of our support we are potentially exposed to the mentioned ePHI.

We do not extract ePHI nor download locally.

The question is:

Do we need to be HIPAA compliant?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Is a BAA required with SMS service

If my provider is communicating PHI and non-PHI with patients through a 3rd party SMS service, such as Twilio, would my provider be required to sign a BAA with an SMS service company, or would such a company be classified as a conduit? We are sending encrypted data to the SMS service which is then sending unencrypted SMSs to patients. Patients can then potentially respond to those SMSs via unencrypted SMS which would be directed...

Voting

7 votes
7 up votes
0 down votes