Thanks Red: yes notifiMED must properly deal with PHI, if it didn't no one in the healthcare industry would go near it or incorporate it into their software platform or healthcare solution.
That is what I remember from my stint working on the Obamacare software fix, although I worked on back-end things that did calculations of costs of potential plans presented to someone seeking healthcare insurance thru Obamacare, so didn't really require them presenting any PHI. However of course enrollment did, that is once they enrolled obviously they had to supply PHI and I remember being in meetings talking about software safeguards on that data, etc.
You are correct about third-party vendors too, I had forgotten totally about that (well, it's been 5 years since I have worked on the Obamacare software, since then I moved back to Dept of Defense projects where the software which has a very different set of security issues).
That is what I remember from my stint working on the Obamacare software fix, although I worked on back-end things that did calculations of costs of potential plans presented to someone seeking healthcare insurance thru Obamacare, so didn't really require them presenting any PHI. However of course enrollment did, that is once they enrolled obviously they had to supply PHI and I remember being in meetings talking about software safeguards on that data, etc.
You are correct about third-party vendors too, I had forgotten totally about that (well, it's been 5 years since I have worked on the Obamacare software, since then I moved back to Dept of Defense projects where the software which has a very different set of security issues).
8