Comment by colechristensen

I'm not a lawyer so I can give a little bit of legal advice, but... yeah get a lawyer.

Anybody who is a healthcare provider, anybody who gets paid to do anything that smells even a little bit like health care shouldn't touch this with a ten foot pole. They shouldn't look at it or touch it or think about it very intensely.

If you don't want to be in violation, don't receive medical information, don't store it, don't advertise that you handle it in any way.

Good advice:

- don't do anything at all that suggests that you will handle anything that even slightly hints it is storing, transmitting, or in any way touching healthcare information without being HIPAA compliant.

- especially don't do this as a side project, have a corporate structure with a very solid liability shield and don't do anything to pierce the veil

- do you want to avoid a 5,6, or 7 digit liability? Do everything you can to appear to be trying in good faith to follow the law and comply with regulations. Do things. Keep records of doing those things.

- even if you're _not_ required to, look up and follow the regulations, better yet, actually be HIPAA compliant even if it's not required. Many of these things you should be doing anyway even in very different fields.

- for God's sake get a lawyer and don't ask for advice on the Internet. Pay for the time for someone to sign off on what you do and whether or not you're inside the law