Questions tagged [hipaa]

The US American "Health Insurance Portability and Accountability Act" of 1996 (HIPAA) is Public Law 104-191, which was enacted on August 21, 1996.

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange. Provisions under the Affordable Care Act of 2010 will further these increases and include requirements to adopt: operating rules for each of the HIPAA covered transactions, a unique, standard Health Plan Identifier (HPID), a standard and operating rules for electronic funds transfer (EFT) and electronic remittance advice (RA) and claims attachments.

In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.

106 questions
Gmail Voicemail Encryption (0 votes, 1 answer)

I want to listen to my voicemails in a secure but convenient fashion. I plan to do this by having my PBX encrypt the voicemail using openssl aes 256 cbc with salt and a single static password. The voicemail would be emailed to my Gmail address where I…
Asked by SILENT
HIPAA compliant on Azure cloud? (0 votes, 1 answer)

We are using WebRoles to host our API, Table Storage to persist PHI and Blob Storage to persist MRIs and CT images. What is required to become HIPAA compliant? -- Edit 2014-02-17 -- I just want to know where to start.
Asked by Mahmoud Samy
Determining if a company is considered a business associate under HIPAA? (0 votes, 2 answers)

I am trying to clearly understand the HIPAA regulations a court reporting company must adhere to. Let's say the court reporting company does not directly contract with any covered entities but does contract with law firms who would be considered a…
Asked by Sequenzia
Is this HIPAA-protected health information? (0 votes, 1 answer)

We're developing an online events calendar for a senior assisted-living facility. They want to record, in the system, the names of facility residents who attend each event. There would be no other information recorded except for the resident's name.…
Asked by rahum
How to secure data on a production environment (0 votes, 1 answer)

Suppose you design a data lake with sensitive data. Due to the immaturity of tools, dynamic data masking is unavailable. You have MFA, encryption at rest, audit logging, ETL processing data and people that develop/support/debug that ETL. The…
Keyless entry security systems and HIPAA implications (0 votes, 3 answers)

We are upgrading our office to have badged security doors. What I would particularly like to know is if keyless entry systems exist or are of decent quality. By this I mean, I would like the doors to behave like the new keyless entry cars (you get…
Asked by Rikon
Does sending an email without any PHI violate the HIPAA privacy rule? (0 votes, 1 answer)

I am evaluating options to choose email providers for a HIPAA-compliant web application. I understand that, if the email contains any form of PHI, it would be violating the HIPAA rule, especially if the email is not encrypted. What if the email that…
Asked by Ajeesh Joshy
Maintaining HIPAA compliance with a company dividing into two parts (0 votes, 0 answers)

I am a consultant and I have a client who is planning on dividing into two different companies. Let's call the company "A" where no HIPAA will be required and "B" for which it will be required. Currently the company is sharing an Active Directory…
Asked by LUser
What is the point of HIPAA de-identification + re-identification? (0 votes, 1 answer)

Section 164.514(c) of the HIPAA Privacy Rule discusses re-identification of PHI. If a covered entity or business associate successfully undertook an effort to identify the subject of de-identified information it maintained, the health…
Asked by Paul Draper
HIPAA non-business associate for contract work (0 votes, 1 answer)

I have been asked by the sole owner/employee of a blood testing business to make her a web site. This web site would simply be used to schedule appointments for her patients. For this reason information such as Name, Phone number, Address, Email…
Asked by Element Zero
Can I say that my web app is HIPAA compliant? (0 votes, 1 answer)

My team and I created a web app that transfers data from a VoIP system (recorded calls, voicemails, faxes, texts) to cloud storage (Google Drive, Amazon S3, Box.com). In and of itself, our app follows HIPAA guidelines. I have a background in medical…
Asked by Matt Spinks
Would it be HIPAA compliant to share docs with EHR data between two HIPAA-compliant G Suite organizations? (0 votes, 2 answers)

Assuming both organizations have HIPAA-compliant G Suite and have signed the necessary legal documents. My gut says this should not be a problem as it's done within the Google servers; am I missing something?
Asked by novirt
New MFA Requirement For HIPAA? (0 votes, 1 answer)

I was told by a vendor that there's new guidance effective in 2017 that mandates Multi-Factor Authentication for all systems that host PHI. They said that things like white-listing IP addresses were good enough to satisfy this requirement. Is this…
How to achieve other security compliances/certifications on AWS after satisfying HIPAA? (0 votes, 3 answers)

Our infrastructure is built entirely on AWS and we went through the HIPAA process to ensure that our system is HIPAA-compliant. Where should we look or what next steps can we take to obtain other certifications (e.g. ISO 27001, SOC 1/2/3)?
Asked by Paul Lam
HIPAA compliance: how much does it matter? (0 votes, 1 answer)

I'm working with an Android app sending data to a service hosted on AWS. The provider specifies that AWS in itself isn't HIPAA compliant. In which way should this be a source of worry? Regardless of the nature of the data, what specific elements…
Asked by Francky_V