We're developing an online events calendar for a senior assisted-living facility.They want to record, in the system, the names of facility residents who attend each event. There would be no other information recorded except for the resident's name. Would this alone cause our system to have to comply with all 54 items of the HIPAA Security Rule? I can't tell whether resident names, in this context, is considered "protected health information." Thanks!
Asked
Active
Viewed 195 times
0
-
That's a good question, but if I were you I'd check with a legal counselor – Lucas Kauffman Jul 31 '13 at 08:50
-
Imagine if you had a list of the names of everyone who attended the "Alzheimers Support Group Meeting". Your list would reveal the names of everyone who was there, which is basically the same as revealing who has Alzheimers. – Lawton Jul 31 '13 at 20:36
1 Answers
4
Assuming the subject of each event is medical, you're essentially mapping real names (which are considered identifying information, i.e. part of PII) to a medical subject that is likely relevant to their personal health issues. As such, I'd almost certainly say that you're falling into HIPAA territory, and should get everything checked out by a lawyer and the appropriate regulatory bodies.
Polynomial
- 132,208
- 43
- 298
- 379