Our latest “Ask Erik” question involves questioning when web-based patient-intake forms need to be HIPAA compliant:
“Do we need to be HIPAA compliant if our intake forms have patient name, birthday, and address, but no social security number or other insurance information?”
The short answer is “YES“.
You need to be concerned about HIPAA compliance when you ask or send identifiable health information. It is perhaps not surprising, but “identifiable” is a really broad concept.
Read the rest of this post »