
nicarus1984 | 11 years ago

Regarding this Submit Bill section:

Maybe I'm just overly paranoid - having dealt with medical claim data for years has reinforced this though - but isn't it walking a fine line with HIPAA to accept individuals' procedure codes? It doesn't even appear to use SSL/TLS, so I doubt this is HIPAA compliant. I know a name isn't sent over, but it can be trivial to identify someone via their IP address, right? Why not at least go that extra step to protect this information?

Additionally, how do you make sure the information (i.e. payment amount, etc.) is accurate?

Also, doesn't seem to work correctly on Win7 Chrome.

HealthNut|11 years ago

Hey, while you're right, the storing of IP addresses does require HIPAA compliancy, it can be solved with a simple SSL certificate and acknowledgement of nothing being stored.

Procedure codes are an alternative method of inputting bills into the database, as sometimes procedure names are too lengthy. Every bill has either: CPT, HCPCS, or ICD code, all of which are non-identifying, and unique to each procedure/diagnosis.

Thanks for your concern though and please email me if you want to continue discussing: ethan@comparedcare.com

iancarroll|11 years ago

If OP created the site, shoot me an email (in my profile) and I'll give you an SSL certificate. Pretty sure HIPAA compliance isn't mandatory here, though.

HealthNut|11 years ago

Sent you an email, but if you haven't received: info (at) comparedcare (dot) com