marc,

I downloaded a 475-page document, but haven't sorted out the
"software compliant" part of it yet. I am attending a conference later in 
January including a HIPAA session. If you want, I'll report when I'm 
back from the conference, hosted by the Society of Actuaries.  (I can 
hardly wait. I hear they are a really fun bunch. <g>)

So far, based on requirements of our health care industry customers, 
we have revised all printed reports so that SSN almost never prints 
with a customer name. We have stopped emailing any reports from the 
R:Base application, even with passworded PKZIPPED files containing 
the reports, because that is not good enough for HIPAA, unless the 
email is encrypted also. Instead, we use 128-bit encryption on SSL 
web servers or SSL ftp servers.

Our application has role-based security, where every user has to log in 
with username and password, and is prevented from access to any 
functionality that is not required by their role.

Bill

On Thu, 9 Jan 2003 05:39:56 -0800 (PST), marc schluter wrote:

>I have approx. 30 doctors' offices using my app to bill
>patients and insurance.  Some have asked if my
>software is HIPAA compliant.  As far as I can tell
>there is very little I have to do on my end to be
>ready for HIPAA. 
