HIPAA

Scanner Apps

  • 1.  Scanner Apps

    Posted 7 days ago
    Should a BAA be in place if staff are using scanning apps such as camscanner to email documentation that contains PHI?  Essentially, they are taking a pic of the document but it saves it as a pdf.  My gut says that this is a big no no unless there is a BAA in place.

    ------------------------------
    Rebecca Marshall
    Strategic Services Dept Asst/HIPAA Privacy Officer
    Shiawassee County CMHA

    ------------------------------
    2020 HCCA Compliance Institute


  • 2.  RE: Scanner Apps

    Posted 7 days ago

    Rebecca,

    Where are the pictures/documents stored? I'm assuming (please correct me) that this is a web application of some kind. If the documents are stored at the vendor's site/database/server, then even if they don't have actual access to the data then Yes, a BAA should be in place since they are "receiving/transmitting/maintaining" your ePHI.

     

    Best Regards,

    Scot Lovejoy  CFP_XSLogo_BlBk image006.jpg@01D50B1A.1F2C7480 image007.jpg@01D50B1A.1F2C7480

    Scot Lovejoy RPh. CFP CHC CHPC

    Chief Pharmacy Officer

    Compliance Officer

    Agadia_itself (625x184) (625x184) (100x29)

    9 Campus Drive, 2nd Floor East

    Parisippany, N.J. 07054

    (O) 973-540-8400  x227

    (C) 973-570-3803

    (F) 973-540-8440

     

     

    Confidentiality Notice:  This e-mail is intended only for the person(s) to whom it is addressed and may contain information that is confidential, proprietary, privileged or otherwise protected from disclosure.  If you are not an intended recipient, please (i) do not read, copy or use this communication, or disclose it to others, (ii) notify the sender immediately by replying to the message, and (iii) delete the e-mail from your system.  Thank you.

     

     




    2020 HCCA Compliance Institute


  • 3.  RE: Scanner Apps

    Posted 7 days ago
    Rebecca,

    I am not quite sure what you are getting at. Can you be a little more specific in your process description and inquiry?. Who is scanning the documents, your staff, temps, an outside contractor? What is being used as a scanner a desktop device connected directly to a computer, a larger scanner like a big multifunction machine, something else? Where are the pictures being stored, in the scanner, in a computer, on a remote server; and who owns the equipment? 

    When you say "camscanner" what comes to mind is an app on a smartphone that raises a bunch of red flags but I want to be sure what we are talking about before I form an opinion. 

    This group is pretty smart we'll figure it out with you. 

    -Alex- 




     Alexander I Slosman, MHA, CHC, CHPC




    2020 HCCA Compliance Institute


  • 4.  RE: Scanner Apps

    Posted 7 days ago
    The BAA is a depends as described above. You probably want to talk to someone in IT to have them vet this with a vendor risk assessment as your step 1 though.

    ------------------------------
    Brenda Manning J.D., C.H.C., C.H.P.C.
    Compliance Director, Privacy
    Carilion Administrative Services Building, Ste. 1201
    213 S. Jefferson Street
    Roanoke, VA 24011
    (540) 224-5757
    Fax: (540) 510-224-5787
    Integrity Help Line Compliance: (844) 732-6232
    bkmanning@carilionclinic.org

    Our Mission: Improve the health of the communities we serve.


    The views expressed herein are my own and do not represent those of my employer. They are not meant to constitute legal advice or create an attorney-client relationship.
    ------------------------------

    2020 HCCA Compliance Institute