Posted by acstyxx on March 14, 2011 at 5:20pm
I am trying to build a new Patient Portal site for exposing Personal Health Record information to meet Meaningful Use measures of timely access for our EHR. I am planning to expose that PHI through a web service from our EHR and build a custom module in Drupal to make that data accessible through the portal.
I am looking for examples of sites in production or development that expose Protected Health Information through Drupal.
Comments
HIPAA compliance isn't PCI
HIPAA compliance isn't PCI compliance, but I'm wondering how much overlap there is:
http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountabi...
https://www.cms.gov/hipaageninfo/
Is HIPAA compliance what's required? If so, the compliance policies seem more stringent.
http://www.cms.gov/EducationMaterials/03_TransactionsandCodeSetMaterials...
If you've gone through PCI compliance, the implementation knowledge and info available can help out with a variety of sections: http://groups.drupal.org/node/22614
You're going to need more feedback than this.
[Edited: grammar]
HIPAA vs PCI
PCI is about credit card info while HIPAA is about personal health information. There is some overlap in IT tools, policies and procedures but also a considerable amount of individual components.
If you need the guidance I can provide some insight.
José G.
HIPAA and not PCI
I am not looking at PCI compliance, although I do think that is a good reference point. Most of the PCI compliance criteria are based on how data is transported and stored. My concerns are more around segregation of data based on login. I need to show how the system is secured and resistant to fraud to prevent sharing of personal health information.