HIPAA/HIPAA 5010/PIPEDA compliance is a very touchy subject. Even though I have done work in this area before, I do not want to be construed as having given you any sort of legal or binding advice.
Again, none of this should be seen as definitive, but these websites have a reasonable summary of what Protected Health Information means:

http://whatishipaa.org/protected-health-information.php
http://www.hipaa.com/2009/09/hipaa-protected-health-information-what-does-phi-include/

Another thing to note is that HIPAA compliance is not for software, but for an organization using software in a HIPAA compliant way. You will never get a program "HIPAA compliant" but you can say that "used in this way, it can be used in a HIPAA compliant fashion."

I recommend you get in touch with a lawyer who has experience with software development companies who are interested in driving their software into HIPAA compliant workflows.

Best regards,
Joan Touzet

----- Original Message -----
From: [email protected]
To: [email protected]
Sent: Sunday, April 27, 2014 10:39:45 PM
Subject: HIPPA rules

I'm wondering if anyone has dealt with building applications using CouchDB while having to follow HIPAA compliance? My question is, what information falls under these rules?

For example, if I'm storing:

- Patient's Name
- Patient's Email
- Supplements 'Prescribed'

Does this fall under HIPAA rules? Or would additional information require HIPAA compliance, for example:

- Social Security Number
- DOB
- Medical Conditions

There does not seem to be a set checklist of what information would make an application fall under the rules or not.
