Questions tagged [hipaa]

The United States "Health Insurance Portability and Accountability Act" of 1996 (HIPAA) is Public Law 104-191, enacted on August 21, 1996.

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange. Provisions under the Affordable Care Act of 2010 will further these increases and include requirements to adopt: operating rules for each of the HIPAA-covered transactions; a unique, standard Health Plan Identifier (HPID); and a standard and operating rules for electronic funds transfer (EFT), electronic remittance advice (RA) and claims attachments.

In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.

106 questions
5 votes, 4 answers

MS-SQL Monitoring/Auditing of PHI for HIPAA

We're currently looking for a solution (hardware or software-based) that can monitor and audit all PHI viewing activity per new HIPAA rules. We use MS-SQL for our production database. We have the following requirements: Can track…
user28988
5 votes, 2 answers

How to make an iPhone app HIPAA compliant?

How do we make an iPhone app HIPAA compliant? Our website is HIPAA compliant since we use encryption at rest, we use SSL, and other security provisions. Will using an SSL connection give us the advantage? Also, I believe that the iPhone provides…
ariel
5 votes, 3 answers

Is there an explicit standard for protected health info security similar to the one for the Payment Card Industry (PCI)?

See the following for dealing with credit information: https://www.pcisecuritystandards.org/security_standards/ Does a similar standard exist for PHI? Is one being developed?
John Straka
5 votes, 2 answers

Cisco Registered Envelope Service (CRES), big security flaw?

While researching so-called HIPAA compliant email providers, I came across Cisco Registered Envelope Service (CRES), which claims to be HIPAA compliant. According to this instruction, upon receiving an email (e.g. from the physician) containing an…
icehenge
4 votes, 1 answer

What documentation can I ask a vendor for to show HIPAA compliance?

Over the past year, several vendors I've contracted with have claimed HIPAA compliance. I have asked them for documentation of their compliance and I've never seen any. I would expect an audit signed off on by a third party, or a checklist showing…
mcgyver5
4 votes, 2 answers

Does there exist software that will scan a filesystem for possible files containing PHI?

I don't need a list of software (I know shopping questions are off topic), but my google-fu is failing me at this. Basically looking for software that will scan a filesystem looking for files that may contain Protected Health Information. Target OS…
MDMoore313
4 votes, 2 answers

Can an HTML-based patient report be HIPAA-compliant?

Assume I am creating an application that generates a report of health recommendations based on input patient diagnostics. My application receives no identifying information about the patient. It receives only a unique patient identifier (e.g.…
3 votes, 1 answer

Is FileVault 2 HIPAA compliant?

It looks to me like FileVault 2 uses AES 256-bit encryption for the disk. Does that mean that it meets the HIPAA "data at rest" standard? Is there something else I need to check about it?
Xodarap
3 votes, 2 answers

Any advice on how to assure patients that a medical facility is well protected against identity theft?

My apologies if this question has been asked before. How does a medical practice assure patients that the practice follows excellent computer security practices? Conversely, how does a patient find this out? Some initial questions: Do any of the…
3 votes, 2 answers

Are AWS security groups sufficient to authenticate communication between instances? (HIPAA)

Say I have a private service that exposes sensitive information (PHI) via a REST API, and that I want to permit access to it from only one other service. Is it enough to partition these services into different security groups and restrict inbound…
oxdeadlocc
3 votes, 3 answers

Can name, DOB and ID be PHI?

Can a person's name, date of birth and proprietary ID be considered as PHI? Ex: Joe Doe, 11/25/1955, 45698745236.
mxarun
2 votes, 0 answers

Do any specific steps need to be taken into account for the user's browser and browser caching for a HIPAA compliant web application?

I'm currently writing a web application that will need to be HIPAA compliant. It is very JavaScript heavy, and ePHI will be sent over an encrypted connection in the form of JSON. The transmission and storage of the data is known to be secure. …
2 votes, 1 answer

Hushmail's "Secure Forms" & HIPAA

I just picked up a job for integrating Hushmail's Secure Web Forms into a medical website. The forms will submit patient's (PHI) data to Hushmail's servers, encrypt the data, and then send it to their Hushmail email account. Routing a form is…
Jer
2 votes, 2 answers

Are foreign keys linking to a table with PHI considered PHI under HIPAA?

Table 1 has PHI and it's encrypted. Table 2 doesn't have PHI, isn't encrypted and has a foreign key to Table 1. I'd like to recommend the strongest security. If there's a requirement in HIPAA, it's not optional and must be done. If it's part of a…
Paraplastic2
2 votes, 1 answer

HIPAA Compliant Server

I have an instance in Amazon EC2 and need to be HIPAA compliant. I have two questions: Do I need to do block-level encryption of the database storage? Do I need to encrypt sensitive data before storing it in the database?
user49158