Skip to content
Permalink
Browse files

Dana Lewis: hacking HIPAA

Dana lays this out beautifully, and I had not realized before:

        Note: I still advocate for editing HIPAA out of the "Known issues"
        section.  Here's why - Nighscout is not a covered entity. (See the
        attached screenshot from
        http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/Downloads/CoveredEntitycharts.pdf
        that talks about health clearinghouse - we're not processing the data
        on behalf of a legal entity, so we're not a covered entity). Since not
        a covered entity, HIPAA does not apply to Nighscout and doesn't need to
        be referenced. (And that should be the response to the FDA for any
        verbal questions about HIPAA. We are individuals doing things with our
        data as is our right to do so, HIPAA does not apply to individuals
        sharing or distributing their personal data).

        I think referencing the security and privacy and access controls to
        Nightscout is worth mentioning for sure; just not in the context of
        HIPAA.

She's right: the covered entity would be the "deployer" of the system, or the
family/users themselves.
Many thanks for this hack.
  • Loading branch information...
bewest committed Aug 4, 2014
1 parent 26ed545 commit 26fc8389f79a06e6cffa8a87bfbf2a32a6199d9c
Showing with 8 additions and 7 deletions.
  1. +8 −7 source/04-development-overview.rst
@@ -70,13 +70,14 @@ and effective operation of the Nightscout rig.

Known issues
++++++++++++
There are several proposed improvements and known issues. Notably,
the system as-is is not HIPAA compliant. One of the key features in
this system that has helped to liberate people, and thus make them
safer, is the ease of use that accompanies publically accessible data.
While we will adopt optional controls for authorizing and accessing
data, parents of this system value easily sharing data with a school
nurse with minimum hassle.

There are several proposed improvements and known issues. One key
feature liberating people, and thus making them safer, is the ease of
use that accompanies data being made accessible to other trusted
individuals. While we will adopt optional controls for authorizing and
accessing data, parents of this system value easily sharing data with
a school nurse with minimum hassle; and adults using this system value
easily sharing their data as well.

Future plans
------------

1 comment on commit 26fc838

@bewest

This comment has been minimized.

Copy link
Member Author

commented on 26fc838 Aug 5, 2014

@scottleibrand (forgot to push this before mentioning it to Dana).

Please sign in to comment.
You can’t perform that action at this time.