CHIME Wrote this recently in response to the proposed HIPAA rule change.
We are concerned about the implications of proposals involving personal health applications (PHAs) calling for covered entities (CEs) to transmit electronic health information (EHI) to PHAs without requiring those PHAs to include privacy and security controls or sign Business Associate Agreements (BAAs);
Valid concern but the battle is over and PHAs accessing patient information on behalf of the patient is protecting by law and future penalties.
What can we do? BAA's don't work in this framework. So what can we offer our patients to protect them from the wild world of PHAs that are going to start knocking on our API door?
#healthcare #api #healthIT #cio #cmio #chime #himss