I’m looking over the HIPAA technical safeguards, and I feel pretty good about our app’s strategy for most of them. There are 2 points that I don’t think apply to us, but I’m curious if anyone sees it differently. For context, the PHI our app will store is e-prescriptions.
- Emergency access procedure
I don’t think an EAP is necessary because I can’t imagine an emergency that would require a prescription record. If it were necessary, though, the prescribing doctor, eRX vendor or pharmacy with it on file should be able to provide that. As a last resort, a developer could also retrieve the prescription info from the database.
- Mechanism to authenticate electronic protected health information
Again, I don’t think this applies to our situation. There’s no interface for users to manipulate PHI. It’s a read-only API. Am I missing something that would require us to account for this guideline?