CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Pre-installation Questions (Moderator: Dave Greenberg) »
  • Is CiviCase HIPAA compliant?
Pages: [1]

Author Topic: Is CiviCase HIPAA compliant?  (Read 1194 times)

JoeMurray

  • Administrator
  • Ask me questions
  • *****
  • Posts: 578
  • Karma: 24
    • JMA Consulting
  • CiviCRM version: 4.4 and 4.5 (as of Nov 2014)
  • CMS version: Drupal, WordPress, Joomla
  • MySQL version: MySQL 5.5, 5.6, MariaDB 10.0 (as of Nov 2014)
Is CiviCase HIPAA compliant?
July 20, 2010, 01:02:17 pm
Well, that's not exactly the question that should be asked. Rather, can CiviCRM and its CiviCase component store patient information in way that would make it eligible to be used in an organization that needs to be HIPAA compliant?

http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1075697,00.html does not seem to pose any significant issues, though I'm concerned about the potential benefit of encryption in case of data loss.

It seems that small outfits may not have to high end systems: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html

The contact anonymization features seem like they would be useful in a certification or audit.

Reviewing the minimum necessary compliance requirements for privacy at http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/incidentalusesanddisclosures.html it appears to me that CiviCRM easily clears the required threshold.

Has this every come up anywhere? Has any organization tried and succeeded or failed in being certified as HIPAA compliant while using CiviCRM?

Seems like a potential big market.
« Last Edit: July 20, 2010, 01:09:10 pm by JoeMurray »
Co-author of Using CiviCRM https://www.packtpub.com/using-civicrm/book

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Is CiviCase HIPAA compliant?
July 21, 2010, 02:31:20 pm
Joe - You should chat with Andrew Clarke at Physician Health Project about this. Some of the enhancements they sponsored in 3.0 and 3.2 were targeted at moving "towards" HIPAA compliance. However, one item that they indicated "might" be required did not get implemented - detailed logging of which users viewed which records.
Protect your investment in CiviCRM by  becoming a Member!
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Pre-installation Questions (Moderator: Dave Greenberg) »
  • Is CiviCase HIPAA compliant?

This forum was archived on 2017-11-26.