This is straight from the mouth of our resident HIPAA guru. (She's watching me type this)
Since individuals themselves are entering the information, you don't need to worry about any authorization. Instead, the responsible party are the folks entering the data. (your users)
It'd be different if someone were entering other people's data (such as a registrar). As long as the site/connection is secure, it's all gravy.
Our HIPAA guru suggests putting a disclosure on the form stating that the data is being transmitted securely.
Candace K. Cottrell, Web Developer
The Children's Medical Center
One Children's Plaza
Dayton, OH 45404
937-641-4293
http://www.childrensdayton.org
[EMAIL PROTECTED]
"There is no right price for the wrong product, even if it is inexpensive and delivered on time."
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
