0
This is a very broad question, especially in that HIPAA strives to be "transparent" in that it will not define what methodology is acceptable, but rather, will tell you how to ascertain if your choice is properly made. There is no particular technology described under HIPAA.
The relationship between DB design and HIPAA is that, if HIPAA applies to the company who owns or uses the database, then the database (and lots else) much be created in such a manner that it allows for compliance with this law.
As for DB design, the following factors will have a somewhat unique effect:
- Role Based access. While not a requirement under HIPAA, it turns out that some parties may access some data and others may not. Your design should take this into account.
- Protected Health Information (PHI). Access to certain fields (PHI) may be restricted, and you'll need to show the steps you took to ensure this information is not released, either accidentally or through foul play. You may also need to track legal access to PHI.
- Archiving. HIPAA requires archival storage of data, but it doesn't say how long, depending instead on "best practices". I'd make this selectable, and I'd back up my reasoning for this in my documentation.
- Disaster Planning and Recovery. HIPAA requires that you maintain backups in such a manner that a disaster will neither destroy or limit access to live or archival data for any longer than need be. How long is not stated -- see Risk Assessment.
- "Break Glass" initiative. HIPAA states that it does not sanction failures in delivery of health care as a result of implementing this law. In this case, it means you can lock down PHI based on roles, or secure in any number of ways, but if a doctor in an ER needs that patient information, there must be a means of overriding security and (a) allowing access to critical PHI as well as (b) tracking that abnormal access. In other words, in an emergency, you need to be able to break the glass and get to the PHI if you need it.
- Risk Assessment. HIPAA enforcement focuses on intent and due dilligence. Even if you make a mistake, it'll go a lot easier on you if you've researched your decisions and documented them in a RIsk Assessment. This is a pretty formal procedure and, if you haven't done one before, consider getting help.
This of course isn't all. COnsidering the scope of HIPAA, it's easy to see that all the possible changes in database design wouldn't even fit into a thesis, much less an online response.
User:Cjonb18:03, 3 Jun 2008 (UTC)
What else can I help you with?
What is the difference between HIPPA and pipeda?
l
What is the link between patient rights and HIPPA?
HIPPA is the health insurance portability and protection act. Basically, if you change or lose your job, your health insurance plan is protected by HIPPA. You also do not need to explain pre-existing health issues to a new employer under HIPPA. That is the portability function of the act. Obviously, you have patient rights and HIPPA will cover them while you are in between jobs.
What is the difference between Hipaa and Hippa?
HIPAA stands for Health Insurance Portability and Accountability Act; HIPPA has no meaning and is a misspelling, albeit a common one.
Can you get attached to clients if your a pediatrician?
Read the regulations of HIPPA... doctors and patients have an un-said contract having to do with a professional relationship.
What are the answers for HIPPA refresher course?
fines for hippa violation
What are the negative aspects of HIPAA?
I need to know what are the disadvantages of Hippa? What are the advantages of Hippa?
What is the difference between HIPAA hipaa?
HIPAA stands for Health Insurance Portability and Accountability Act; HIPPA has no meaning and is a misspelling, albeit a common one.
Why does a doctor have to get consent to put a patients information into a database?
HIPPA requires all covered entities (providers, insurance companies, labs, research databases, et. al.) to obtain consent from a patient before transmitting any PHI (protected health information).
How is a HIPPA breach defined by DOD?
hd
What did HIPPA broaden the definition of personally identifiable information PII to include?
HIPPA broadened the definition of personally identifiable information to include Health Information.
Do only nursing staff in a hospital are required to follow the HIPPA law?
False. All stuff have to follow the Hippa law including the nursing staff.
Hipaa mandates that confidential information can be disclosed to any third party?
The Hippa is law that keep information safe and private. The Hippa is a law that has to be followed by everyone.
