tim wohlford • over 11 years ago
HIPAA?
Anyone at the VA ever heard of HIPAA? I mean, the thought of this app being functional just sends my HIPAA-trained blood cold!
What is asked for here (depending on how you read the very vague instructions) is not that difficult to do. What you ask to do is very difficult to do if you consider the security implications, and probably would never be implimented on any system that is under HIPAA jurisdiction....
Comments are closed.
3 comments
Mark Scrimshire • over 11 years ago
If a Personal Health Record is controlled by a patient then implementing a BlueButton download on a Physician or Hospital System Portal would not be a violation of HIPAA. The patient would have to log in to their record on the source system. They click the download and export the data to a system they control.
That is not a violation of HIPAA.
Brian Wilkins • over 11 years ago
All the VA is trying to do is have a standardized system for all physicians that exports the data into the PHR format (which is just an ASCII text file). The patient would still have to authenticate somehow (username/pass, token, etc). That's my take anyways. I don't see how HIPAA applies.
James Speros Manager • over 11 years ago
Tim –
Thanks for sharing your thoughts about how HIPAA applies to the Blue Button℠ app. We’re assuming you’re writing about HIPAA privacy and security – if we missed your point, let us know.
And Mark and Brian -- you nailed it.
We totally agree that people won’t download their data with a Blue Button℠ app if they can’t be sure that data is safe and secure. That’s why one of the things we want in every app is full compliance with the HIPAA privacy and security regs.
There are a lot of apps out there -- right now, today -- where health plans make data available to their patients online and a few, like VA, where patients can download their data using Blue Button℠ technology.
And all of them are safe and secure because before you can see or download your data, you need to get the same kinds of logon and password credentials you use when you do other things which require privacy and security – like online banking. Or dealing with your auto insurance company.
When we put this Contest together, we didn’t see privacy and security issues as that difficult because, frankly, so many folks have solved that problem already.
What we’re hoping is that through the Contest, developers find better, more efficient, hopefully simpler and less expensive ways of doing the same thing. And helping Veterans and all Americans get better access to their own health data.