Questions tagged [hipaa]

The US "Health Insurance Portability and Accountability Act" of 1996 (HIPAA) is Public Law 104-191, enacted on August 21, 1996.

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange. Provisions under the Affordable Care Act of 2010 will further these increases and include requirements to adopt: operating rules for each of the HIPAA-covered transactions; a unique, standard Health Plan Identifier (HPID); a standard and operating rules for electronic funds transfer (EFT) and electronic remittance advice (RA); and claims attachments.

In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.

106 questions
1
vote
1 answer

HIPAA vs. HTTPS

In the medical/pharmaceutical space as part of legal operating requirements, everyone has to comply with HIPAA standards ( http://health.state.tn.us/hipaa/ ) for moving personal medical information around. This means that, for example, you'd have to…
sharedphysics
  • 103
  • 1
  • 1
  • 4
1
vote
1 answer

Is HIPAA compliance mandatory for FDA certification?

I am working on a medical device. I want FDA certification for it. The device holds ePHI (protected health information). So is it mandatory to have HIPAA compliance for FDA approval?
Amit
  • 11
  • 2
1
vote
1 answer

How do you manage credentials to multiple remote systems?

We are a vendor that provides software to the healthcare industry, and our application is locally hosted on customer infrastructure. As such, we are provided with VPN access in order to be able to provide support for the software. Given the risk…
1
vote
0 answers

HIPAA Compliant App, using Encrypted Core Data vs Core Data Attribute Encryption

I am writing an iOS app which needs to be HIPAA compliant. The app should preferably function offline, so data needs to be stored on the phone. So here is what I was thinking of doing: on first launch the user enters a username, password and a…
Taha
  • 121
  • 1
  • 3
1
vote
1 answer

Is disaster recovery a requirement for any and every application that uses any ePHI?

HIPAA requirements seem to state that a disaster recovery plan is a required implementation, defined within the HIPAA Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security Rule. What about if the application in…
1
vote
1 answer

Can someone please briefly explain HIPAA compliance?

I worked in web hosting for several years, particularly security. I am familiar with PCI compliance and I would say the "short and sweet" guide to PCI for an eCommerce store is as follows: Client goes to the bank and gets a merchant…
1
vote
0 answers

Out-of-Domain Requests for HIPAA Compliant Apps

I have a HIPAA compliant app which uses an API hosted at https://iswearthisissecure.com. Is the app allowed to make outbound requests to services that are not HIPAA compliant if no PHI is transferred? For example: can I serve an image from our blog…
fny
  • 143
  • 4
1
vote
2 answers

HIPAA data encryption: is database-level encryption enough?

If the database has built-in encryption, such as Azure SQL Server's Transparent Data Encryption (TDE), would this be enough for HIPAA compliance? Or, even before storing it, does any data that could be PHI, like dates and names, have to be…
Ajeesh Joshy
  • 111
  • 2
1
vote
1 answer

Need of Encryption for storing Health Information

I am managing development of a platform for health service providers and thus it houses health information about registered patients. Patients register themselves on the system and maintain their profiles. This system needs to be compliant to…
Umair Ahmed
  • 111
  • 3
1
vote
0 answers

Are missing access logs for a non-production environment populated with over 5 million patient records a big deal?

LOL. I have no background in infosec, so I was hoping to get some input on a very strange thing that has come up involving my local health service provider. Any input would be swell! A case study on how to screw up big time: consider the following…
faustus
  • 111
  • 4
1
vote
1 answer

Is there such a thing as a "non-business associate contract" for HIPAA-related work?

I'm creating a website that is HIPAA-related for contract work and want to make sure I dot all my i's. I keep seeing Business Associate contracts on the internet, but so far I have not seen anything amounting to a non-business associate contract.…
Element Zero
  • 115
  • 6
1
vote
1 answer

Bad medical security

I reside in Michigan, U.S.A., and just recently took over the IT of a small medical practice. There is no real security in place and I am still undoing the horrific damage and lockouts put in place by the previous company. I have noticed horrible…
Taxes45
  • 113
  • 3
1
vote
0 answers

HIPAA compliant BI reporting tool?

We are building an application for the healthcare industry and we are planning to use a 3rd-party BI tool for reporting which will directly connect to our Postgres DB and generate the desired reports, which we should be able to download as CSV or PDF.…
user3170450
  • 111
  • 1
1
vote
1 answer

How does TrueVault's de-identification process work?

I'm thinking of using TrueVault, but I'm not entirely sure about the sequence of events involved in de-identifying data and re-identifying it. More info here. Here is the process, as I understand it, but I don't know exactly in what order: PHI is…
HSuman
  • 33
  • 2
1
vote
1 answer

For HIPAA, Does US Patient Data Have To Stay On US Servers?

For an application that stores US patient data, does HIPAA require that US data stays on US servers?
Ben Rei
  • 19
  • 2