Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Dana lays this out beautifully, and I had not realized before: Note: I still advocate for editing HIPAA out of the "Known issues" section. Here's why - Nighscout is not a covered entity. (See the attached screenshot from http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/Downloads/CoveredEntitycharts.pdf that talks about health clearinghouse - we're not processing the data on behalf of a legal entity, so we're not a covered entity). Since not a covered entity, HIPAA does not apply to Nighscout and doesn't need to be referenced. (And that should be the response to the FDA for any verbal questions about HIPAA. We are individuals doing things with our data as is our right to do so, HIPAA does not apply to individuals sharing or distributing their personal data). I think referencing the security and privacy and access controls to Nightscout is worth mentioning for sure; just not in the context of HIPAA. She's right: the covered entity would be the "deployer" of the system, or the family/users themselves. Many thanks for this hack.
- Loading branch information
26fc838
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@scottleibrand (forgot to push this before mentioning it to Dana).