Questions tagged [hipaa]

The US-american "Health Insurance Portability and Accountability Act" of 1996 (HIPAA) is Public Law 104-191, which was enacted on August 21, 1996.

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange. Provisions under the Affordable Care Act of 2010 will further these increases and include requirements to adopt: operating rules for each of the HIPAA covered transactions, a unique, standard Health Plan Identifier (HPID), a standard and operating rules for electronic funds transfer (EFT) and electronic remittance advice (RA) and claims attachments.

In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.

106 questions

votes

9 answers

Can PHI be HIPAA compliant on a cloud?

I have read conflicting information on whether PHI can be stored and delivered on a cloud in a HIPAA compliant manner. I hear many people saying you cannot share infrastructure and be HIPAA compliant. What needs to be taken into consideration when…

hipaa cloud-computing

asked Mar 02 '12 at 19:57

William

votes

6 answers

Is it okay for our IT support contractor to remote in without authorization?

We are a healthcare IT company. My machine has PHI on it. Our IT contractor verbally asked if he could remote in to fix my printer so I said sure. I expected some sort of prompt to allow it but he was just in. Some form of VNC I guess. Is this…

remote-desktop hipaa

asked May 09 '16 at 15:50

THE JOATMON

votes

3 answers

What are best practices to adhering to HIPAA encryption requirements?

As HIPAA's language is somewhat vague when it comes to actual technical requirements, what are best practices for PHI encryption for HIPAA compliance? I've seen varying levels at different organizations. Some just encrypt it in transfer, some when…

hipaa encryption

asked Oct 12 '11 at 19:09

John Straka

votes

3 answers

Do HIPAA Security Officers face personal liability for breaches?

The role of HIPAA Security Officer is very important in maintaining compliance. In smaller organizations, there's overlap in employees' roles, so the person that ends up as the HIPAA Security Officer may not have a whole lot of background in…

hipaa compliance

asked Oct 12 '11 at 19:50

John Straka

votes

5 answers

Is Google Analytics HIPAA compliant? How can I find out?

I'd really like to implement Google Analytics at my work on web software that is required to be HIPAA compliant. But I'm wondering if it's against the rules. Does anyone know how I can find out? I've searched Google, but there isn't much there on…

hipaa compliance

asked Nov 08 '11 at 12:57

Ben

votes

2 answers

Is encrypted email doctor/patient communication required by HIPAA, HITECH or Meaningful Use

I want to point out, from the start, that I know all about the Direct Project and I am huge fan of work to provide easy-to-use standards based secure email for doctor-patient communication. I am not asking a "should" question here. I know…

hipaa email

asked Apr 04 '12 at 22:25

ftrotter

votes

3 answers

What is a reasonable approach for deidentifying data?

I have been asked by a client to deidentify the PHI data in their database and I'm either over-simplifying the process or my client is overly paranoid. Perhaps you can tell me which is the case. This client's need for de-identification is two-fold.…

hipaa

asked Nov 22 '11 at 14:34

Darvis

votes

3 answers

Does marketing data trigger HIPAA Privacy?

If I was a marketing firm who provides an analysis on visitor statistics from anonymous members who then ties that in to a CRM to track conversions, what do I have to do to the data to ensure that those customers information is handled properly…

hipaa

asked Dec 28 '11 at 18:39

Steve Buzonas

votes

2 answers

HIPAA compliance without PII

I have a web site where people fill medical syndrome questioners. They can see how their condition changes during the time period. I am not storing ANY PII information, just user name. I can store in encrypted (if I have to). My question is – Do I…

regulation hipaa

asked Dec 15 '11 at 08:43

AaronS

2,575
5
22
26

votes

4 answers

Proper implementation of HIPAA within iOS app with several factors

We are developing an iOS app that allows users to store/modify Protected Health Information (PHI) and the app needs to allow users to do so without an internet connection for large parts of the process. We will need to encrypt the data but are…

encryption ios hipaa

asked Aug 05 '15 at 22:46

user72066

votes

2 answers

Is accession number+service (CPT code)+date of service considered PHI (protected health information) under HIPAA?

Imagine you are designing a system that's comprised of overdue worklists for doctors (e.g., Doctor X you have 3 overdue studies to look at). In the notification, you identify the studies they have to review by their accession number / CPT code /…

hipaa

asked Feb 17 '12 at 20:27

dr jimbob

38,768
8
92
161

votes

3 answers

What is the term to use when logging an event where a user downloads or prints PHI?

My application logs accesses to PHI. I need to add a log item for things like downloading and printing. Is there a general term that I can use to describe these events? I'm thinking something like "export" or "externalize". I want to represent that…

hipaa

asked Feb 09 '12 at 17:32

Freiheit

votes

1 answer

What solution is compliant with HIPAA for for web-based electronic digital signatures?

I'm interested in having physicians digitally sign pdf documents we create, in a HIPAA-compliant manner. Ideally, there would be an open-source solution, but I'm also willing to consider a digital signing service such as EchoSign. Update: We've…

hipaa

asked Feb 29 '12 at 01:02

Jeff Bauer

votes

1 answer

Is downloading a PDF from a browser-based app locally a HIPAA issue?

Here's a scenario: An intranet CPOE application User runs a report, which downloads as a PDF and opens in Acrobat on the local PC User leaves the PC without logging out or closing Acrobat CPOE times out and auto-logs the user out The PDF with…

hipaa

asked Mar 18 '12 at 19:37

Martin Haluza

votes

4 answers

Is having theoretical access to PHI a HIPAA breach, even if no one accesses it?

This is an entirely hypothetical question. Lets say a clinic has a computer in their waiting room for checking email, surfing the web etc. while patients wait. Lets also assume whoever signed this up wasn't thinking, and this machine is just sitting…

hipaa

asked Oct 28 '11 at 03:36

Fomite

2 3 4 5 6 7 8 Next