| ▲ | roegerle 9 days ago |
| So HIPAA isn't rocket science and HHS provides plenty of HIPAA guidance. Kate's App isn't providing healthcare so HIPAA doesn't apply. |
|
| ▲ | otterley 9 days ago | parent | next [-] |
| The site might be deemed a Business Associate, depending on the specific facts, which we don't fully possess. That's why I recommended the owner seek counsel. |
| |
| ▲ | roegerle 9 days ago | parent [-] | | A business associate to who? The user? | | |
| ▲ | bagels 8 days ago | parent [-] | | A covered entity (eg. doctor, nurse, etc.) | | |
| ▲ | yunwal 7 days ago | parent [-] | | How could this app possibly be considered a business associate to a provider? The provider has no idea it’s even being used, let alone a formal association with the application. | | |
| ▲ | bagels 7 days ago | parent | next [-] | | "Kate's App is a tool created to support medical caregivers" The landing page doesn't make it clear whether providers are expected to use it or not. | |
| ▲ | otterley 7 days ago | parent | prev [-] | | Look up the definition of “provider” in HIPAA’s text. The definition is extremely broad and doesn’t just cover doctors and pharmacists. |
|
|
|
|
|
| ▲ | daveguy 9 days ago | parent | prev | next [-] |
| This is not true. I'm not a lawyer, but I am in the healthcare field. HIPAA very much applies to this type of app or any other type of app that may deal in personally identifying information (PII) related to healthcare. |
| |
| ▲ | roegerle 9 days ago | parent [-] | | I was too. https://www.hhs.gov/hipaa/for-professionals/covered-entities... | | |
| ▲ | daveguy 8 days ago | parent [-] | | It would be a mistake to assume a SaaS that stores healthcare PII for coordinating healthcare is not covered under HIPAA. An exception should be filed at the very least. Edit: If no healthcare provider has access then maybe it could skate by. I interpreted "any user making notes to your account" to mean healthcare providers would have access. Even if not, they should still seek legal counsel. And this app is literally promising safety and security of healthcare information. |
|
|
|
| ▲ | 9 days ago | parent | prev [-] |
| [deleted] |
