
HIPAA Requirements

This topic is 4583 days old. Please don't post here. Open a new topic instead.


Can anyone point me in the direction of a concise list/outline of HIPAA requirements for software apps?

We generally leave it up to our clients to determine the compliance of the apps that we customize for them, but we would like to know the true requirements.


McCue, Heather: FileMaker and HIPAA – A Tool of Compliance, 37 pages

FileMaker and HIPAA

See the description of PatientFM that claims to be "HIPAA Secure"


Overview in Wikipedia


Accounts and Privileges:

Procedures should clearly identify employees or classes of employees who will have access to electronic protected health information (EPHI). Access to EPHI must be restricted to only those employees who have a need for it to complete their job function.

The procedures must address access authorization, establishment, modification, and termination.

Covered entities must also authenticate entities they communicate with. Authentication consists of corroborating that an entity is who it claims to be. Examples of corroboration include: password systems, two or three-way handshakes, telephone callback, and token systems.

Encryption / SSL (FileMaker Server 9):

Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.

Audit trail / audit logging:

Each covered entity is responsible for ensuring that the data within its systems has not been changed or erased in an unauthorized manner.

Happy FileMaking

Ralph Nusser

Sogetes Computer-Services

