Ok I acquired the idea of HIPAA. Because of all individuals who participated. But anybody has real experience regarding how to setup the web site and programming. I'm attempting to implement this with .Internet. Is SSL Certificate enough to guarantee the privacy from the information. This really is the one thing I will have webforms that will submit this data towards the DB, additionally a document will probably be attached that contains the health background from the patient.

Sometimes inside a hospital, so this is what I'm able to offer: Hipaa protected info is any info that

  1. "[i]s produced or received with a healthcare provider, health plan, public health authority, employer, existence insurance provider, school or college, or healthcare reference" and
  2. "[r]elates towards the past, present, or future physical or mental health or condition of the individual the supply of healthcare for an individual or even the past, present, or future payment for that provision of healthcare for an individual."

The gist, and also the large factor to bear in mind would be that the congress were really wise on that one. HIPAA info involves such things as SSN, address, title, insurance number, insurance carrier, etc. But what you are able not realize is the fact that greater than just individuals could be personally determining.

Saying "that guy from Boise using the brain tumor" is potentially identifiable too. It gives you a sex, location, and diagnosis and it is pretty simple to tie to someone. Even saying "that individual from Phoenix is [going to need to go]/[just went] for chemo" is potentially HIPAA info because it offers a superior PII.

Where you are obvious in HIPAA is to give that info for those who need it to get the job done, or where it's free from INDIVIDUAL information. X hospital in phoenix saw Y chemo patients is okay, AFAIK.

In either case, when you are coping with something similar to HIPAA, you will need to be talking to an attorney, not a lot of developers.

Edit in reaction for your edit: storing HIPAA details are not by itself a breach of HIPAA. Hospitals do this constantly. Passing on to individuals who don't require it may be the breach.

In case your plan's to keep and distribute HIPAA info, you will want a number of things:

  • Strong Authorization Methods - you need to make certain only individuals who require it may have it
  • Robust Security - self explanitory
  • logs, logs, logs, and much more logs. When government bodies come knocking, you have to have the ability to verify each and every time you passed out information, what information you passed out, whom you handed information to, and WHY they crucial that information to get the job done

To provide a good example, within our clinical information program, everybody lower to the nurses and doctors are audited on who they pull data on, and what data they pull. When they pull data on any patient who isn't one they're directly accountable for, there's an excellent possibility of the The spanish language Inquisition.

Again, though, I urge you to definitely consult an attorney or at the minimum have somebody to very safely pin blame on to ensure that you may be absolved if your breach does happen. HIPAA comes with teeth.