Questions tagged [hipaa]

The US American "Health Insurance Portability and Accountability Act" of 1996 (HIPAA) is Public Law 104-191, which was enacted on August 21, 1996.

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange. Provisions under the Affordable Care Act of 2010 will further these increases and include requirements to adopt: operating rules for each of the HIPAA covered transactions, a unique, standard Health Plan Identifier (HPID), a standard and operating rules for electronic funds transfer (EFT) and electronic remittance advice (RA) and claims attachments.

In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.

106 questions
1 vote, 2 answers

Developers vs HIPAA

I am trying to bring a company up to HIPAA standards and help them secure their customer health information. A question that sometimes comes up is that developers want to take databases of customer's data and store it on their computers and work…
LUser • 824 • 6 • 12
1 vote, 1 answer

Under HIPAA, is it allowable to remember/store user credentials?

My medical chat application is handling PHI, and it is enforcing unique, secure logins which ensure that only authorized / appropriate people can access that data. For now, I implemented touchID authentication with iOS. With this feature, the device owner…
prinz • 111 • 2
1 vote, 1 answer

Application used in health industry: HIPAA HITECH hosting "requirements"

We have a scenario at my employer where we host an application that is used for uploading, storing, & managing documents related to patients' bills from healthcare providers. It is our knowledge so far that these documents contain PHI, and there…
maloitpro • 11 • 4
1 vote, 0 answers

Certification to get in order to save PHI for European businesses

I work in a digital health company that will likely save personal health information. I am conflicted about which certification I should get in order to best meet the needs of business partners from Europe. Of course there are different requirements for…
WebQube • 129 • 4
1 vote, 0 answers

What does the EU-US security shield certificate mean in terms of EU PHI compliance?

I'm facing a regulation issue. My servers are hosted on Google Cloud. I see that Google is HIPAA and Privacy Shield approved. If my database servers are hosted with Google and I'm storing personal health information there, am I allowed to store…
WebQube • 129 • 4
1 vote, 0 answers

Is sending an audio file with a portion of an accession number a violation of HIPAA?

Assuming a hypothetical scenario: The hospital radiology dictation system is down. The transcriptionist works off-site. The radiologist has the ability to record an audio file on his phone or laptop computer and email this to the transcriptionist to…
Jack • 11 • 1
1 vote, 0 answers

Does using Oracle TDE guarantee compliance with HIPAA for persisting sensitive data?

Persisting sensitive customer pharma data is becoming more challenging with stricter HIPAA compliance guidelines; I'm wondering whether TDE solves it entirely or whether there are any gaps that a developer/DBA should be aware of.
bluefalcon • 143 • 3
1 vote, 2 answers

AWS HIPAA requires hardware dedicated to a single customer

Amazon HIPAA compliance requires customers to run on dedicated hardware (https://aws.amazon.com/compliance/hipaa-compliance/). I would think isolation of the operating system and encryption of data at rest and data in transit would be enough. What…
henry • 13 • 2
1 vote, 1 answer

Can I send a Medical Record Number (MRN) via email internally?

We use Office 365, which might make a difference. Can I (legally) send an MRN, with no other demographic or health information, from me@mycompany.com to coworker@mycompany.com?
THE JOATMON • 571 • 6 • 14
1 vote, 1 answer

Crosswalks (aka Matrix) for InfoSec Compliance Standards

Looking to find a reference that maps the various control standards (i.e. HIPAA, PCI-DSS, GLBA, ISO) to each other. I envision the answer being a spreadsheet that outlines the controls for one standard (say ISO-27002) as row items and the other…
HashHazard • 5,105 • 1 • 17 • 29
1 vote, 0 answers

HIPAA Related question regarding Prescription Rx Reports

This is a close approximation of my in-person conversation at the Local CVS: Me: Hi, I'd like to get the 2015 Medication Report for myself and my wife. Clerk: I can print yours, if you have Photo ID, but not your wife's Me: So she has to come in…
1 vote, 0 answers

Is a business associates contract required to use hosted R&D services?

I'm on the "configuration management" team which, among other things, means I'm responsible for R&D systems, like: source control, issue tracking, team collaboration (wiki), etc. These are not production, customer systems with any patient or…
1 vote, 2 answers

Avoiding HIPAA, will this work?

I'm building a new website, and I'm trying to figure out if I need to worry about HIPAA. And if I do, I'm trying to figure out a way I can stop worrying about HIPAA. An example of something kinda similar, is the symptom checker on WebMD. You can put…
Dan • 55 • 5
0 votes, 1 answer

"If encryption has not been implemented, a comparable alternative has been implemented"

What constitutes a comparable alternative to encryption? I know that password keepers and other services are not comparable and are not considered encryption. If the context is authorized access only, does unmounting offline drives in a locked…
Jason • 3,086 • 4 • 20 • 24
0 votes, 0 answers

HIPAA requirements for local server

I am looking to create an ePHI database for a small physical therapy office and I would like some advice on some of the security that I will need to implement. Most computers will most likely have no internet access, except for doing scheduled…