Is there any type of legal/HIPAA violation of using a real

Customer Question

Is there any type of legal/HIPAA violation of using a real provider in testing an Electronic Health Record?
Submitted: 8 years ago.
Category: Legal
Expert:  Maverick replied 8 years ago.
Can you please give us a little more background information so we can better assist you? Also what is a "real" provider?
Customer: replied 8 years ago.
Thanks for looking at this. Here is the scenario:
I am a consultant that implements EHRs (Electronic Health Records) in an outpatient setting. Before we let clients (large medical groups) go live, we have them test their EHR. This ensures that everything in their system is working as it should. They DO have the ability to create fake providers (names, licenses, DEA #s, signatures, basically all information about a provider). However, at times the clients (their IT teams) may ask us just to use real provider information to test the system, aka logging into the EHR and using the provider's login in the test environment, or placing test orders (lab orders, e.g. CBC) under their name in the test environment.
I am wondering is this a HIPAA, Legal, PSQIA, JC etc violation to do this type of testing?
Expert:  Maverick replied 8 years ago.

I do not think that what you are asking is in substance a HIPAA violation. However, certain administrative safeguards must still be put in place by your clients. Covered entities (your clients) that out-source some of their business processes to a third party must ensure that their vendors also have a framework in place to comply with HIPAA requirements. Companies typically gain this assurance through clauses in the contracts stating that the vendor will meet the same data protection requirements that apply to the covered entity. Care must be taken to determine if the vendor further out-sources any data handling functions to other vendors and to monitor whether appropriate contracts and controls are in place.


This information is provided so you may better discuss legal issues with your attorney. Consult a local attorney for legal advice before acting. You may be able to find an attorney in your area to further assist you at http://www.martindale.com/ or at http://www.lawyers.com/ .

Customer: replied 8 years ago.
"I am wondering is this a HIPAA, Legal, PSQIA, JC etc violation to do this type of testing?"

That covers HIPAA, but what about anything else in the above quote?
Expert:  Maverick replied 8 years ago.
I am not familiar with the other regulations. Maybe someone else can assist you better. I will opt out at no charge to you and you need not do anything. Your question will be released to the main board for someone else to pick up.
Customer: replied 8 years ago.
Relist: Incomplete answer.
Expert:  Law Educator, Esq. replied 8 years ago.
Your previous expert was correct here. This is not a HIPAA violation because HIPAA has a safe harbor for accessing information for necessity/training purposes; it is the release of the information that would be a violation of HIPAA. The medical providers would have all of the third party contractors sign confidentiality and non-disclosure HIPAA agreements, but this is done all the time in medical facilities to test systems. You should consider accepting your previous expert's answer as it was correct.
Law Educator, Esq., Attorney
Category: Legal
Satisfied Customers: 129490
Experience: JA Mentor -Attorney Labor/employment, corporate, sports law, admiralty/maritime and civil rights law