Please sign in to comment.
Dana Lewis: hacking HIPAA
Dana lays this out beautifully, and I had not realized before: Note: I still advocate for editing HIPAA out of the "Known issues" section. Here's why - Nighscout is not a covered entity. (See the attached screenshot from http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/Downloads/CoveredEntitycharts.pdf that talks about health clearinghouse - we're not processing the data on behalf of a legal entity, so we're not a covered entity). Since not a covered entity, HIPAA does not apply to Nighscout and doesn't need to be referenced. (And that should be the response to the FDA for any verbal questions about HIPAA. We are individuals doing things with our data as is our right to do so, HIPAA does not apply to individuals sharing or distributing their personal data). I think referencing the security and privacy and access controls to Nightscout is worth mentioning for sure; just not in the context of HIPAA. She's right: the covered entity would be the "deployer" of the system, or the family/users themselves. Many thanks for this hack.
- Loading branch information...