Check out some similar questions!

ajalele · May 23, 2014, 08:00 AM

I do freelance IT work as a side job. I have recently been hired to do some work for a Medical Office. In an attempt to protect myself from any of their HIPPA violations I typed up a little release form. There are only two lines:

(Meidcal Office) assumes full responsibility for ensuring that all their systems meet HIPPA standards, requirements, and guidelines.
(Medical Office) also releases (me) from any responsibility regarding HIPPA standards, requirements, and guidelines.

Then there is a spot for them to print sign and date.

Will this hold up in court if they get introuble for a HIPPA violation and try to blame me?

odinn7 · May 23, 2014, 08:06 AM

You're not medical staff...HIPAA is all on them.

AK lawyer · May 23, 2014, 08:51 AM

Note that it's HIPAA, not HIPPA.

It depends on the scope of the IT work you are to perform for them. It's conceivable that if your IT work somehow results in the inadvertent disclosure of protected medical information, and they get fined for violation of the HIPAA regulations, they could still try to come after you. There is no absolute certainty in life, but this language probably covers you.

ajalele · May 23, 2014, 09:02 AM

I am just setting up a single server where their patient's x-ray records are going to be stored. Then I am setting it up so the x-rays can be accessed from any of their workstations.

smoothy · May 23, 2014, 09:14 AM

If you leave a guest account on it with the password of "password"... no form you would write would protect you.

ScottGem · May 23, 2014, 09:40 AM

I agree. If you do not provide adequate security so that access to the server is protected, the release won't protect you. And under HIPAA rules, Access to the films should be restricted to people who have responsibility for the patient. Or that the images are only identified by code.

AK lawyer · May 23, 2014, 12:02 PM

It is the medical office which has primary HIPAA responsibility. If it chooses to hire an absolutely incompetent IT person, and at the same time waives any and all claims against that IT person, their chances of their then getting the IT person to indemnify them are nil.

Fr_Chuck · May 23, 2014, 08:12 PM

You must be sure, in your work, that your programs meet the law. Also, if in your work, you see patient information and would release it. You can not have your liability taken away.
I know our company had fake accounts and fake patient information created for programs to work with, while being set up and tested. But even then, if there were issues after being used, the IT people often had to work with the live system.