Posted by acstyxx on March 14, 2011 at 5:20pm
I am trying to build a new Patient Portal site for exposing Personal Health Record information to meet Meaningful Use measures of timely access for out EHR. I am planning to expose that PHI through a web service from our EHR and build a custom module in Drupal to make that data accessible through the portal.
I am looking for examples of sites in production or development that expose Protected Health Information through Drupal.
Categories: Drupal, healthcare, HIPAA, PHI
Comments
HIPAA compliance isn't PCI
HIPAA compliance isn't PCI compliance, but I'm wondering how much overlap there is:
http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountabi...
https://www.cms.gov/hipaageninfo/
Is HIPAA compliance what's required? If so, the compliance policies seem more stringent.
http://www.cms.gov/EducationMaterials/03_TransactionsandCodeSetMaterials...
If you've gone through PCI compliance, the implementation knowledge and info available can help out with a variety of sections: http://groups.drupal.org/node/22614
You're going to need more feedback then this.
[Edited: grammar]
HIPAA vs PCI
PCI is about credit card info while HIPAA is about personal health information. There is some overlap in IT tools, policies and procedures but also a considerable amount of individual components.
If you need the guidance I can provide some insight.
José G.
HIPAA and not PCI
I am not looking at PCI compliance, although I do think that is a good reference point. Most of the PCI compliance criteria are based on how data is transported and stored. My concerns are more around segregation of data based on login. I need to show how the system is secured and resistant to fraud to prevent sharing of personal health information.