The Difference Between Protected Health Information and Consumer Health Information

For developers, determining whether an application collects PHI is critical to determining whether HIPAA compliance requirements need to be met. So how do you know if you're dealing with protected health information (PHI) or consumer health information?

The test is straightforward: if the device or application you are building records or transmits the user's personally identifiable health data held in the app or device, and that data is used by a covered entity in the course of care, then you are dealing with PHI and need to be HIPAA compliant.

If you are building a wearable device or application that collects health information but does not plan on sharing it with a covered entity at any point in time, then you do not need to be HIPAA compliant.

For example, the Nike Fuel Band does not need to be HIPAA compliant because it does not track PHI and you can't transmit that data from the device to a covered entity. However, the trend in mobile health data collection is toward sharing health data with health care providers, making it PHI by definition. Data about blood sugar and sleep patterns collected by Apple's HealthKit and accessed by an app to share with a doctor falls under HIPAA.

What is ePHI?

ePHI is Electronic Protected Health Information: all individually identifiable health information that is created, maintained, or transmitted electronically by mHealth and eHealth products. This includes PHI on desktop, web, mobile, wearable and other technology such as email, text messages, etc.

Protected Health Information and Developer Considerations

If you are building an application that deals with health information, you may be evaluating whether the types of information collected will be considered PHI or not. One important consideration for application developers is that there can be many edge cases where users add PHI to your application through their regular use, even if your application wasn't designed or intended to carry PHI. If your application collects PHI, whether by design or not, it must be HIPAA compliant. Simply stating that the application wasn't intended to collect or store PHI is not a valid explanation during a HIPAA audit or breach.

Using a HIPAA hosting environment is also not enough to meet HIPAA requirements. HIPAA hosting typically meets just one aspect of the law, the physical safeguards, and HIPAA requires compliance with technical, physical and administrative requirements.

What is a Covered Entity Under HIPAA?

A covered entity is anyone who provides treatment, payment and operations in healthcare. According to the U.S. Department of Health & Human Services (HHS), Healthcare Providers, Health Plans, and Healthcare Clearinghouses are all Covered Entities. Covered entities use PHI as part of their patient care.

Healthcare Providers are exactly who you think of: hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies.

Health Plans include health insurance companies, HMOs, company health plans, Medicare, and Medicaid. All of these entities are considered Healthcare Providers and need to be HIPAA compliant.