Matt Klein

HIPAA Requirements


Can anyone point me in the direction of a concise list/outline of HIPAA requirements for software apps?

We generally leave it up to our clients to determine the compliance of the apps that we customize for them, but we would like to know the true requirements.


McCue, Heather: FileMaker and HIPAA – A Tool of Compliance, 37 pages

FileMaker and HIPAA

See the description of PatientFM that claims to be "HIPAA Secure"


Overview in Wikipedia


Accounts and Privileges:

Procedures should clearly identify employees or classes of employees who will have access to electronic protected health information (EPHI). Access to EPHI must be restricted to only those employees who have a need for it to complete their job function.

The procedures must address access authorization, establishment, modification, and termination.

Covered entities must also authenticate entities they communicate with. Authentication consists of corroborating that an entity is who it claims to be. Examples of corroboration include: password systems, two or three-way handshakes, telephone callback, and token systems.

Encryption / SSL (FileMaker Server 9):

Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.

Audit trail / audit logging

Each covered entity is responsible for ensuring that the data within its systems has not been changed or erased in an unauthorized manner.

Happy FileMaking Ralph Nusser

Sogetes Computer-Services


  • Similar Content

    • By cbum
      Our institution is now requiring PHI-containing databases to log not just modifications to records, but to log every access/viewing of any record. They want to be able to respond to the question "Who has looked at my medical record, even with no change to the record?".
      I am not aware how to achieve this with FM, do any of the add-on programs have such features?
      I am facing the forced elimination of a critical database, built over 15 yrs, if this cannot be achieved.
      Thanks for any suggestions.