
Ok so I work for a branding company and we're just scratching the surface of collecting pharma data. I know a bit about HIPAA compliancy but I guess where I'm fuzzy is..

A). When collecting data via a form, do I need to de-identify the data, i.e. store it across separate tables etc.? B). Who/what has access to the functions/procedures to unencrypt any data stored? C). Can the database be a MySQL database? D). Do I need a certification/approval/license to do any of this?

Basically what do I need to do, besides encrypting the data and storing it on a HIPAA compliant server. I want to capture customer data via a form. Thanks!

Greg Thompson
  • Talk to a lawyer for this sort of thing. This site is for programming advice, not legal matters. – Marc B May 12 '11 at 15:29
  • As with quantum physics, people who claim to understand HIPAA don't understand HIPAA. – ceejayoz May 12 '11 at 15:32
  • To be fair... PCI Compliance is the same type of issue, and we have 2,500 of those questions on SO. While I agree this is off topic, I might suggest that it is relevant. – Brad May 12 '11 at 15:58
  • Yeah, I agree with all of these... I was even hoping for someone just to point me in the right direction. It's hard to find any factual descriptions of where to get started. I'd even be interested in a consultant, but it's crazy, for something with such strict guidelines, there are so many gray areas and unanswered questions. – Greg Thompson May 12 '11 at 17:20
  • possible duplicate of [Web site HIPAA compliance](http://stackoverflow.com/questions/1506354/web-site-hipaa-compliance) – Brad Larson May 12 '11 at 17:33

0 Answers