I developed a behavioral health app that includes a therapist locator, mental health health charting, questionnaires, progress measures and analytics. As part of my due diligence I completing HIPAA training, created policies and procedures, and enlisted oversight by a board of directors of a qualified mental health association (non-profit). I think my effort needs periodic review and contrasting with other real world practices. BTW… Microsoft HITRUST is a massive undertaking beyond my association’s size and resources.
Is there an example or a template for openEMR HIPAA Administrative and Security Officers?
Are there people in the openEMR community working on policy and procedures?
I understand that these can be highly sensitive documents. I am certainly willing to submit to a back ground check and sign a BAA.