Hacker News new | past | comments | ask | show | jobs | submit login

The site might be deemed a Business Associate, depending on the specific facts, which we don't fully possess. That's why I recommended the owner seek counsel.



A business associate to who? The user?


A covered entity (eg. doctor, nurse, etc.)


How could this app possibly be considered a business associate to a provider? The provider has no idea it’s even being used, let alone a formal association with the application.


"Kate's App is a tool created to support medical caregivers"

The landing page doesn't make it clear whether providers are expected to use it or not.


Look up the definition of “provider” in HIPAA’s text. The definition is extremely broad and doesn’t just cover doctors and pharmacists.


It’s not really that broad. It amounts to medical professionals (doctors, nurses, etc.), insurers, and any systems they use to store or process data. If the medical professional or insurer is not using the app, and the app has not signed a BAA with them, then it’s not covered under HIPAA.

https://www.hhs.gov/hipaa/for-professionals/covered-entities...




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: