Dana Lewis: hacking HIPAA
Dana lays this out beautifully, and I had not realized before:

        Note: I still advocate for editing HIPAA out of the "Known issues"
        section.  Here's why - Nightscout is not a covered entity. (See the
        attached screenshot from
        http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/Downloads/CoveredEntitycharts.pdf
        that talks about health clearinghouse - we're not processing the data
        on behalf of a legal entity, so we're not a covered entity). Since not
        a covered entity, HIPAA does not apply to Nightscout and doesn't need to
        be referenced. (And that should be the response to the FDA for any
        verbal questions about HIPAA. We are individuals doing things with our
        data as is our right to do so, HIPAA does not apply to individuals
        sharing or distributing their personal data).

        I think referencing the security and privacy and access controls to
        Nightscout is worth mentioning for sure; just not in the context of
        HIPAA.

She's right: the covered entity would be the "deployer" of the system, or the
family/users themselves.
Many thanks for this hack.
bewest committed Aug 4, 2014
1 parent 26ed545 commit 26fc838
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions source/04-development-overview.rst
Expand Up @@ -70,13 +70,14 @@ and effective operation of the Nightscout rig.


Known issues Known issues
++++++++++++ ++++++++++++
There are several proposed improvements and known issues. Notably,
the system as-is is not HIPAA compliant. One of the key features in There are several proposed improvements and known issues. One key
this system that has helped to liberate people, and thus make them feature liberating people, and thus making them safer, is the ease of
safer, is the ease of use that accompanies publically accessible data. use that accompanies data being made accessible to other trusted
While we will adopt optional controls for authorizing and accessing individuals. While we will adopt optional controls for authorizing and
data, parents of this system value easily sharing data with a school accessing data, parents of this system value easily sharing data with
nurse with minimum hassle. a school nurse with minimum hassle; and adults using this system value
easily sharing their data as well.


Future plans Future plans
------------ ------------
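
Review bot: The rewritten Known issues paragraph no longer states that data is publicly accessible, and the replacement phrase "data being made accessible to other trusted individuals" implies a restriction that the same paragraph still describes as future and optional ("we will adopt optional controls for authorizing and accessing data"). Removing the HIPAA sentence does not remove the exposure, which still belongs under this heading; suggest stating the current default plainly, for example that data is publicly accessible until the optional controls exist. Minor wording: "parents of this system" probably wants to be "parents using this system", matching "adults using this system" in the added clause.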

1 comment on commit 26fc838

@bewest
Member Author

@bewest bewest commented on 26fc838 Aug 5, 2014


@scottleibrand (forgot to push this before mentioning it to Dana).
