Drupal Sites with PHI

Events happening in the community are now at Drupal community events on www.drupal.org.
acstyxx's picture

I am trying to build a new Patient Portal site for exposing Personal Health Record information to meet Meaningful Use measures of timely access for out EHR. I am planning to expose that PHI through a web service from our EHR and build a custom module in Drupal to make that data accessible through the portal.

I am looking for examples of sites in production or development that expose Protected Health Information through Drupal.

Comments

HIPAA compliance isn't PCI

threading_signals's picture

HIPAA compliance isn't PCI compliance, but I'm wondering how much overlap there is:

http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountabi...
https://www.cms.gov/hipaageninfo/

Is HIPAA compliance what's required? If so, the compliance policies seem more stringent.

http://www.cms.gov/EducationMaterials/03_TransactionsandCodeSetMaterials...

If you've gone through PCI compliance, the implementation knowledge and info available can help out with a variety of sections: http://groups.drupal.org/node/22614

You're going to need more feedback then this.

[Edited: grammar]

HIPAA vs PCI

Senor_Pepe's picture

PCI is about credit card info while HIPAA is about personal health information. There is some overlap in IT tools, policies and procedures but also a considerable amount of individual components.

If you need the guidance I can provide some insight.

José G.

HIPAA and not PCI

acstyxx's picture

I am not looking at PCI compliance, although I do think that is a good reference point. Most of the PCI compliance criteria are based on how data is transported and stored. My concerns are more around segregation of data based on login. I need to show how the system is secured and resistant to fraud to prevent sharing of personal health information.

Healthcare

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: