1. Free Legal Help, Legal Forms and Lawyers. TheLaw.com has been providing free legal assistance online since 1995. Our most popular destinations for legal help are below. It only takes a minute to join our legal community!

    Dismiss Notice

HIPAA Compliance necessary? California

Discussion in 'Health Insurance, HMO, HIPAA & Disability' started by Mark Pedersen III, Aug 24, 2020.

Tags:
  1. Mark Pedersen III

    Mark Pedersen III Law Topic Starter New Member

    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Jurisdiction:
    California
    So I am making a mobile application,
    And part of that is that patients can leave testimonials for their doctor (and we are paid by the doctor, so I believe we are a business associate).

    No information about the patient is collected other than what they say in their paragraph.
    We don't ask for names, emails, or that they were even a patient.

    My worry is that instead of saying "I had X surgery and I feel great"
    They would say "my name is Y, I had X surgery and I feel great".

    If they did say their name, does that throw us out of HIPAA compliance? Or because they wrote it in themselves, it's okay to appear on our platform, and be transmitted on our servers?
     
    Last edited: Aug 24, 2020
  2. PayrollHRGuy

    PayrollHRGuy Well-Known Member

    Messages:
    1,133
    Likes Received:
    559
    Trophy Points:
    113

    There is no reason to think that you would have any HIPAA compliance issues.

    "The Security Rule applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”) and to their business associates."

    But just to make sure, read this site. Are You a Covered Entity? | CMS
     
  3. Mark Pedersen III

    Mark Pedersen III Law Topic Starter New Member

    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    So we would be a business associate because we also provide generic pre-op and post-op instruction, (again, don't save or transmit any patient data), so this isn't the part I'm worried about.

    I'm just wondering, in the case where we do have to be HIPAA compliant,
    Does taking and posting a testimonial that the patient submits through the app, non compliant?
     
  4. Mark Pedersen III

    Mark Pedersen III Law Topic Starter New Member

    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    So we would be a business associate because we also provide generic pre-op and post-op instruction, (again, don't save or transmit any patient data), so this isn't the part I'm worried about.

    I'm just wondering, in the case where we do have to be HIPAA compliant,
    Does taking and posting a testimonial that the patient submits through the app, non compliant?
     
  5. cbg

    cbg Super Moderator

    Messages:
    8,449
    Likes Received:
    1,589
    Trophy Points:
    113

    The patients are allowed to give their medical information to anyone they choose to.
     
    hrforme and Mark Pedersen III like this.
  6. PayrollHRGuy

    PayrollHRGuy Well-Known Member

    Messages:
    1,133
    Likes Received:
    559
    Trophy Points:
    113

    Of course not. The patient is free to release their own medical info to anyone they would like.
     
  7. Tax Counsel

    Tax Counsel Well-Known Member

    Messages:
    1,510
    Likes Received:
    850
    Trophy Points:
    113

    Do you make it clear to people using the app that the comments they submit will be made available to others to see?
     

Share This Page