Just to add to what Bill has said: I have included an audit trail to record access to patient records, editing changes, additions, etc...

You should also incorporate an automatic logoff from your program after an inactivity timeout.

Steve Vellella

Bill Downall wrote:
> marc,
>
> I downloaded a 475 page document, but haven't sorted out the
> "software compliant" part of it yet. I am attending a conference later in
> January including a HIPAA session. If you want, I'll report when I'm
> back from the conference, hosted by the Society of Actuaries. (I can
> hardly wait. I hear they are a really fun bunch. <g>)
>
> So far, based on requirements of our health care industry customers,
> we have revised all printed reports so that SSN almost never prints
> with a customer name. We have stopped emailing any reports from the
> R:Base application, even with passworded PKZIPPED files containing
> the reports, because that is not good enough for HIPAA, unless the
> email is encrypted also. Instead, we use 128-bit encryption on SSL
> web servers or SSL ftp servers.
>
> Our application has role-based security, where every user has to log in
> with username and password, and is prevented from access to any
> functionality that is not required by their role.
>
> Bill
>
> On Thu, 9 Jan 2003 05:39:56 -0800 (PST), marc schluter wrote:
>
> >I have approx 30 doctors offices using my app to bill
> >patients and insurance. Some have asked if my
> >software is HIPAA compliant. As far as I can tell
> >there is very little I have to do on my end to be
> >ready for HIPAA.
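The three controls the thread mentions (an audit trail of record access and edits, automatic logoff after an inactivity timeout, and role-based restriction of functionality) fit together in one small service layer. The example below is an added illustration written for this thread, not code from the R:Base application Bill and Steve describe; the class names, the 15-minute idle limit, the two roles and the sample patient record are all constructed here.

```python
"""Audit trail, inactivity logoff and role checks for a patient-record app.

Added illustration for this thread; NOT code from the R:Base application
discussed. Class names, the 15-minute idle limit, the role table and the
sample record are all constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

IDLE_TIMEOUT = timedelta(minutes=15)  # assumed value; the thread names none

# Role -> permitted actions (a simplified form of "role-based security")
ROLE_PERMISSIONS = {
    "billing": {"read"},
    "clinician": {"read", "edit", "add"},
}


class SessionExpired(Exception):
    pass


class PermissionDenied(Exception):
    pass


@dataclass
class AuditEvent:
    when: datetime
    user: str
    action: str  # login / read / edit / add / denied / auto_logoff
    record_id: Optional[str] = None
    detail: str = ""


class AuditLog:
    """Append-only trail of who did what to which record, and when."""

    def __init__(self) -> None:
        self.events: list = []

    def record(self, when, user, action, record_id=None, detail=""):
        self.events.append(AuditEvent(when, user, action, record_id, detail))


class Session:
    """A logged-in user; every request must pass through touch()."""

    def __init__(self, user: str, role: str, now: datetime, audit: AuditLog):
        self.user, self.role, self.audit = user, role, audit
        self.last_activity, self.active = now, True
        audit.record(now, user, "login")

    def touch(self, now: datetime) -> None:
        # Inactivity timeout: an idle session is closed and the logoff logged.
        if self.active and now - self.last_activity > IDLE_TIMEOUT:
            self.active = False
            self.audit.record(now, self.user, "auto_logoff",
                              detail=f"idle since {self.last_activity:%H:%M}")
        if not self.active:
            raise SessionExpired(self.user)
        self.last_activity = now


class PatientRecordService:
    def __init__(self, audit: AuditLog):
        self.audit = audit
        # Constructed sample record, not real patient data.
        self.records = {"P-001": {"name": "SAMPLE PATIENT", "balance": 0}}

    def _authorize(self, session, action, record_id, now):
        session.touch(now)  # raises SessionExpired if idle too long
        if action not in ROLE_PERMISSIONS.get(session.role, set()):
            self.audit.record(now, session.user, "denied", record_id, action)
            raise PermissionDenied(f"{session.role} may not {action}")

    def read(self, session, record_id, now):
        self._authorize(session, "read", record_id, now)
        self.audit.record(now, session.user, "read", record_id)
        return dict(self.records[record_id])

    def edit(self, session, record_id, field, value, now):
        self._authorize(session, "edit", record_id, now)
        old = self.records[record_id].get(field)
        self.records[record_id][field] = value
        # Before/after values make the trail useful for later review.
        self.audit.record(now, session.user, "edit", record_id,
                          f"{field}: {old!r} -> {value!r}")


def run_demo() -> AuditLog:
    """Walk a clinician and a billing user through the service; return the trail."""
    audit = AuditLog()
    svc = PatientRecordService(audit)
    t0 = datetime(2003, 1, 9, 8, 0)  # constructed timestamp
    doc = Session("dr_smith", "clinician", t0, audit)
    svc.read(doc, "P-001", t0 + timedelta(minutes=1))
    svc.edit(doc, "P-001", "balance", 125, t0 + timedelta(minutes=2))
    try:  # 28 idle minutes -> automatic logoff, then the request is refused
        svc.read(doc, "P-001", t0 + timedelta(minutes=30))
    except SessionExpired:
        pass
    clerk = Session("billing1", "billing", t0 + timedelta(minutes=31), audit)
    try:  # billing role cannot edit; the refusal itself is logged
        svc.edit(clerk, "P-001", "balance", 0, t0 + timedelta(minutes=32))
    except PermissionDenied:
        pass
    return audit


if __name__ == "__main__":
    for e in run_demo().events:
        print(f"{e.when:%H:%M} {e.user:<10} {e.action:<12} {e.record_id or '-':<6} {e.detail}")
```

Two design points worth noting: the refused actions (idle logoff, denied edit) are written to the trail as well as the successful ones, so a reviewer can see attempts and not only outcomes, and the timeout check sits inside the authorisation path rather than in a separate timer, so no record access can slip through on a session that should already have been closed.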

