Questions tagged [hipaa]

The US "Health Insurance Portability and Accountability Act" of 1996 (HIPAA) is Public Law 104-191, enacted on August 21, 1996.

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange. Provisions under the Affordable Care Act of 2010 will further these increases and include requirements to adopt: operating rules for each of the HIPAA covered transactions, a unique, standard Health Plan Identifier (HPID), a standard and operating rules for electronic funds transfer (EFT) and electronic remittance advice (RA) and claims attachments.

In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.

106 questions

2 votes, 1 answer

Are there HIPAA requirements to encrypt our database hosted in AWS?

I'm developing Medical Billing & EHR Software. On completion we are planning to use AWS for hosting and thus provide SaaS. Do we need to encrypt the MySQL database in order to keep HIPAA compliance? I'm aware of HIPAA requirements for data at rest…
Arun Kumar

2 votes, 1 answer

HIPAA compliant blob storage architecture

There is a task to design a system to store sensitive data securely (should be HIPAA compliant in the future). It's just a draft - this will not be used in production in a foreseeable future. I have a prototype inspired by TrueVault and want to know…

2 votes, 2 answers

Can you protect corporate email on personal phones without the option of wiping all personal data?

Our company recently announced a new IT policy that requires encryption of any personal smartphone used to connect to the corporate Exchange server. As far as I can tell, they're using Exchange ActiveSync encryption. Part of this new policy is that…
Beofett

2 votes, 1 answer

Securing Isolated AWS Deployments to comply with HIPAA/HITECH

HIPAA Security Hounds... How would you view an AWS deployment that included a set of systems deployed together at AWS (within a single, secured Virtual Private Cloud), using a key to encrypt all storage, and only allowing authenticated users to…
JoeD

2 votes, 1 answer

Privacy laws' right-to-amend (and right-to-delete) requests and archived data/backups

Under HIPAA and some privacy laws (in US, EU and other countries), the user has the right to amend (under some laws even delete) his/her data. What is the right way to handle a request to amend/delete regarding archived data or backups? That data…
MV.

2 votes, 2 answers

Is it safe to keep decrypted data in memory?

Due to new laws in my country, any personal information must be stored encrypted in the database. So, to be able to perform queries over this data, I was thinking of keeping an in-memory copy of these tables with decrypted data. For example, to get…
Beetlejuice

2 votes, 0 answers

May have breached HIPAA by accident

I'm new as a software dev and I was assigned to implement some changes to an application. When I asked my colleague, I was told that a test version didn't exist and that it had to be uploaded to the real application. Hearing this I was eager to see the…
Kndler

2 votes, 0 answers

HIPAA compliant chat app with 3rd party provider without signing a BAA?

Short: If the data (PHI) I send to a third party is already encrypted, do I still need to sign a Business Associate Agreement (BAA) with them to stay HIPAA compliant? Long: To be specific, I was considering Twilio's chat solution and they claim it…
Murat Ozgul

2 votes, 1 answer

Best way to secure a cross-platform mobile app for HIPAA compliance

I'm developing a cross-platform, offline first mHealth application using Ionic 3 and Cordova which may need to be HIPAA compliant in the near future. It uses PouchDB as a client-side DB, HTTPS, at-rest encryption server-side when server-side…
juliet

2 votes, 1 answer

How to download PHI PDF from a secure website to a secure, encrypted folder on Windows 7?

Objective: HIPAA compliance. Here is the process: (1) receive a PDF file through a secure website; (2) open the PDF (which involves downloading it to some folder); (3) the PDF is no longer needed. The question: Is there any way to simply view the PDF in the browser without ever…
Jeff

2 votes, 1 answer

Shared floor space, cameras and HIPAA compliance

I am a compliance associate at my company, which is a small call center. My problem is that two of our clients will have to share floor space. One client is tech support for high-end action cameras, while the other is a healthcare account that deals…
Dadfia

2 votes, 1 answer

Approved Certificate Authorities for certification/compliance with HIPAA, PCI etc

Are there any requirements in PCI or HIPAA, or other security standards that may impact general government, payment processing, healthcare, that would disqualify any CA vendors that are trusted by the major browsers from being a valid choice for…
bkr

2 votes, 0 answers

HIPAA/FISMA certification for IT audits

I currently work for an IT security company that is looking to expand the services we offer to clients. Two avenues we are looking at are reviewing FISMA and HIPAA compliance for our clients. I have been tasked with looking at getting our auditors…
POSH Geek

2 votes, 0 answers

Does our support chat need to be HIPAA compliant?

We are currently using olark to provide an instant chat support feature to our customers. Customers typically ask about outages, setup issues, etc. We are in the process of trying to become HIPAA compliant but I just found out olark is not HIPAA…

2 votes, 1 answer

Avoiding HIPAA, part 2

I'm building a new website, that may be subject to HIPAA. But I won't normally need access to the data. If I encrypt, or somehow encode, the personally identifiable parts, so only the user can decrypt or decode them, would HIPAA still apply? This is…
Dan