Medical mailing list archives
medical@odoo-community.org
Re: HIPAA Compliance
by LasLabs, Dave Lasley
Hey Zach,
You’re right that HIPAA always comes up when medical entities are involved. In the case of no PHI though, the best response is to let them know the system doesn’t need to comply with HIPAA. There’s no reason to drop a bunch of time and money unless it’s required IMO.
-Dave Lasley
Hello again and thanks for the replies; Dave, I totally respect that you guys have done a lot of work to figure this out and was definitely not trying to get any freebies. The fact that it can be done is really all I need for now. I'm working with an LTC facility on an HR-related project (no PHI), but being in the medical realm, the HIPAA question is bound to come up. If we ever need to go down that road, I'll keep you guys in mind. Thanks again to all the respondents for helping a newbie out.

On Wed, Jan 24, 2018 at 8:32 PM, Dave Lasley <dave@laslabs.com> wrote:

> Odoo can comply, but it is not an easy task. You will need to work through all points of the administrative and technical safeguards, finding a module or configuration to mitigate each. These should all be identified during a standard risk assessment of the platform, which is one of the administrative requirements of HIPAA.
>
> I guarantee it’s possible, but we charge a significant amount for proper implementation on this and laying these out publicly is not in our interest.
>
> On a side note - email is not and will never be HIPAA compliant, regardless of a BAA with the provider.
>
> -Dave Lasley
>
> On Jan 24, 2018, at 17:17, Tom Blauwendraat <thomaspaulb@gmail.com> wrote:
>
>> Hi Zach,
>>
>> it's a very interesting question. I think if you manage to compile a shortlist of the things that are needed for such a certification, some of us techies could certainly comment point-by-point on whether Odoo, if properly hosted, can comply with it or not.
>>
>> Tom
>>
>> On Mon, Jan 8, 2018 at 9:32 AM, Zachary Waite <waite.zach@gmail.com> wrote:
>>
>>> Can anyone comment on the necessary steps to implement Odoo in a HIPAA (Health Insurance Portability and Accountability Act) compliant manner?
>>>
>>> For example, I'd assume that obtaining a Business Associate Agreement (BAA) with your email host is part of the equation for using the Chatter and Discuss features, but I'm curious if Odoo itself needs additional modification beyond strong server security.
>>>
>>> --
>>> Zachary Waite
>>> waite.zach@gmail.com
>>>
>>> _______________________________________________
>>> Mailing-List: https://odoo-community.org/groups/medical-20
>>> Post to: mailto:medical@odoo-community.org
>>> Unsubscribe: https://odoo-community.org/groups?unsubscribe

--
Zachary Waite
518-232-4900
waite.zach@gmail.com