We are a small startup team that is distributed nationwide. To date everyone has used their own personal computers to log in to work email, etc. Is it a requirement that we purchase and make all of our employees use only their work computers for development and access to our db? It's understood that we need robust password policies and defined lists of who has access to any sensitive data wherever they may be.
Can organizations adopt the less stringent password measures recently updated in NIST 800-63-B and still be compliant under the HIPAA security rule?
Additionally, a risk analysis could identify that these services would help to reduce the risk, threats and vulnerabilities in-scope systems,...
Does HIPAA have any restrictions on offshore development and/or customer support functions if the parent company is based in U.S. and/or if the foreign entity is owned and/or controlled by an entity based in U.S.?
- Is public website browsing behavior considered PHI as is suggested in the current Winston Smith V. Facebook case (http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=2175&context=historical)? This could impact a number of common services used...
Developers need better guidance around patient generated health data, since HIPAA focusses on one-way data sharing from a provider/other covered entity outward to the patient/other entity. In the future, more and more data will be flowing in the opposite direction, and there should be guidance to clarify that HIPAA should not prevent the flow of information from the patient back to the provider.
Many covered entities feel that this...
1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations?
2. Would a text message sent to an individual that includes the name of their...
We are an Italian software house and we would like to commercialize our software for Videodermatoscopy in the USA.
Before that we would like to be sure that our software is HIPAA compliant because it stores patient's health information such as: name, surname, address, phone number, information about health status and specific information about patient's diseases, photos of the patient and its mole, therapies, etc...