Comment by parsimo2010
Comment by parsimo2010 8 days ago
HIPAA applies to covered entities, and this app may not be considered a covered entity (the closest they come is a clearinghouse and they probably do not fit the definition), but HIPAA has rules concerning how covered entities deal with business associates.
Kate's App would almost certainly fall under the definition of a business associate, and no health care provider should be entering protected information into the app without entering into an official agreement that the data will be protected according to HIPAA rules.
So technically Kate's App isn't doing anything illegal, but any health care provider entering info into this app would be. To fix the situation, Kate's App needs to certify that their app is compliant and provide an official agreement for providers. Otherwise healthcare providers should stay away, and this app would only be useful for friends and family members.
(I am not a lawyer, but I have analyzed health care data and it's cumbersome to deal with, especially if you are transmitting over a network). https://www.hhs.gov/hipaa/for-professionals/covered-entities...
> To fix the situation, Kate's App needs to certify that their app is compliant and provide an official agreement for providers. Otherwise healthcare providers should stay away, and this app would only be useful for friends and family members.
The OP mentions this is for family members and specifically excludes medical providers from the intended audience.
> This is not a clinic portal, and is not associated with any insurance or medical providers.
It seems the target audience is multiple family members involved in coordinating a loved one's care.