CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviCase (Moderator: Dave Greenberg) »
  • CiviCRM Case and HIPPA
Pages: [1]

Author Topic: CiviCRM Case and HIPPA  (Read 3735 times)

rflemin

  • I post occasionally
  • **
  • Posts: 73
  • Karma: 2
    • DCRCA (DC Recovery Community Alliance)
  • CiviCRM version: 3.3
  • CMS version: Drupal 6.26
  • MySQL version: 5.1.26
  • PHP version: 5.2.6
CiviCRM Case and HIPPA
April 27, 2009, 07:48:10 am
Can anyone speak to whether CiviCRM, Case, and/or Drupal are HIPPA (Health Information Privacy and Portability Act) compliant? Since the Physicians Health case study was developed in Canada, they may not have dealt with this, but every health (and quasi-health) care provider in the US has to. Google hasn't turned up much on this topic, except to say that Drupal's open API may make it too easy to gain access to patient/client health records. With the Obama Administration's interest in electronic health records, I think this question will come up a lot.
I'm implementing CiviCRM on Drupal for an advocacy group, but we are considering offering mentoring/coach services and it would be nice to do everything on one app. Thanks for any advice.

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: CiviCRM Case and HIPPA
April 27, 2009, 07:54:45 am

Since we have not investigated HIPPA when developing CiviCRM/CiviCase etc, i'm pretty neither CiviCRM or Drupal are HIPPA compliant

If there is a group of org that wants HIPPA compliance and is willing to fund / sponsor / educate the community on what needs to be done to make it so, it can happen.

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

Andrew Clarke

  • I’m new here
  • *
  • Posts: 9
  • Karma: 1
Re: CiviCRM Case and HIPPA
April 27, 2009, 11:49:23 am
Here's my take on this.  Most of what HIPPA deals with has to do with the certification of the social system, not an IT system.   So to say that "Drupal isn't HIPPA compliant" I don't think makes sense.  You can only really say whether a particular organization's use of Drupal is HIPPA compliant or not.

On the information systems side, there are only a couple of "gotchas" with HIPPA.  They've adopted a few standardized vocabularies, all of which are ones that we intend to support in versions of CiviCase that are scheduled for release soon.  I suspect that with the recent interest from some US Physician Health Programs, we'll soon have an opportunity to demonstrate the HIPPA compliance of the CiviCase system.  At that point, it's a matter of other organizations looking at how we did it, and doing likewise.   

Most of what demonstrates HIPPA compliance is an ability to audit your past actions.  The one place where I can see this being a technical problem is that currently we don't track and log events where someone views a record.  We are already currently tracking and logging every instance where a record is edited, but don't track some other stuff, such as when record X was included in search results that were returned to user Y, and when user Y actually viewed record X.   I've proposed those as potential candidates for inclusion in CiviCase iteration 3.

rflemin

  • I post occasionally
  • **
  • Posts: 73
  • Karma: 2
    • DCRCA (DC Recovery Community Alliance)
  • CiviCRM version: 3.3
  • CMS version: Drupal 6.26
  • MySQL version: 5.1.26
  • PHP version: 5.2.6
Re: CiviCRM Case and HIPPA
April 28, 2009, 07:09:25 am
Thanks for both responses, especially the latter. In response to Donald Lobo, I started doing a little research and found what Andrew said -- "it's the mushware, stupid". But I'm glad to hear future iterations will take HIPPA-like concerns into the design thinking. There was an interesting article in Sunday's (April 26) Washington Post by a veteran of the Health IT wars, citing the high cost of developing and implementing electronic health records, but with no mention of OS systems. It was also a little naive about how standards get made. It's usually through an advisory process, or an Administrative Procedure Act draft-comment-and response cycle similar to non-governmental standards setting. So CiviCRM can indeed lead the way by developing a good product that demonstrates that HIT doesn't have to be a cash cow for the big guys. The problem is, the commercial interests can afford to file comments and send people to advisory committee meetings where end-users and OS developers can not.

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: CiviCRM Case and HIPPA
April 28, 2009, 08:02:32 am
Quote from: rflemin on April 28, 2009, 07:09:25 am
The problem is, the commercial interests can afford to file comments and send people to advisory committee meetings where end-users and OS developers can not.

I think if OSS software developers/products work in silos, commercial interests can afford to do a lot more. However the beauty and power of OSS is the ability for groups to form of similar interests and passion. I think such groups can and do match up well to commercial interests in various meetings. Apache / Mozilla / Linux are good examples in various standard committees

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviCase (Moderator: Dave Greenberg) »
  • CiviCRM Case and HIPPA

This forum was archived on 2017-11-26.