HIPAA COMPLIANT HEALTHCARE SOLUTIONS

Introduction

Thank you for checking out the FAQs page! We hope that by reading these questions and answers, we can help answer any remaining doubts about taking us as your Business Associate for software development.

If you have questions that are not answered here, please feel free to send them to us using this form.

What can you do to ensure the security of my project and the product that will be the outcome of the development process?

FilAm Software implements a strict internal security policy to protect your project from its start until its sign-off. Here are a few of its measures:

  • The confidentiality of the project is protected by an NDA signed by management and each member of the team.
  • Source code and documentation are stored in secure, redundant source control. Only those who have been given permission can access them.
  • Access to development/staging/production servers and databases is limited to the individuals responsible for their management.
  • On project sign off, all members of the development team will be restricted from accessing project resources. Access to these resources will require permission from the client.

How can you help me with achieving compliance requirements for my product?

For over 10 years, we have helped our clients achieve and maintain HIPAA compliance. For sure we can help you too! We guarantee that your software will have the necessary safeguards and documents proving that efforts have been made to comply with HIPAA law. However, fully compliant software alone cannot guarantee HIPAA compliance. You are responsible for ensuring that an adequate compliance program and internal processes are in place in your organization. As your partner, we can share our experience to help align your internal processes with your obligations under HIPAA.

How quickly can you start working on my product?

We can kick-start the project as soon as you have agreed to the SOW. We can guide you through the different stages of our onboarding process to help you start your new project quickly.

Contact us today to schedule a meeting.

What will happen if I need to change the project’s scope or its requirements?

We are flexible in adapting to changes in the project's scope and requirements. However, these changes are evaluated to determine how they affect other parts of the software architecture and to ensure that the best solutions are implemented. Your development budget will also be affected by these adjustments. We will provide a detailed assessment report with a list of affected features, an updated project plan and additional resources if needed.

Who owns the code of my application?

FilAm Software uses or embeds third-party codes to speed up the development of the software, which results in a reduced cost. These codes are the property of their copyright owners. APIs are non-intellectual codes (Google vs. Oracle).

Original codes and derivative codes produced by us are the intellectual property of FilAm Software by law. The client has the option to buy intellectual property ownership from us.

Where are the source codes physically stored?

Our project source code is stored on a secured and redundant source control server located within US territory.

How often will you show me the results of your work?

Besides the scheduled client presentations that will be indicated in the project plan, clients are welcome to attend our weekly internal reviews. These reviews are recorded and can be streamed at any time.

Will there be a test version of my product I could use anytime?

Internally, we will test the software in a phased approach to ensure it is ready for production use. We will also have alpha and beta test versions of your application so that you can try them and provide feedback. The project plan lists the estimated schedule for their release.

Can I look at the code while it is being created?

We do not monitor our developers while they are coding. However, clients are welcome to review or audit the code committed to our source control server.

Should I give you a complete set of product requirements or will someone take care of them?

FilAm Software can architect software based on your business needs. We can provide a blueprint of the entire software including specific relationships, functionalities, interactions, technical safeguards, and business rules. Clients can add the requirements they need to our design.

Clients can also provide the requirements they need. We will review them to ensure that they are compliant with HIPAA security and privacy rules and provide the necessary adjustments if compliance issues are found.

Will I meet the team behind the development of my product? Is there an option to stay in contact with them?

Yes, you will get to know the team members in a virtual meeting. A focal person will be in touch with you on a regular basis to discuss matters towards achieving compliance for your software.

Will the product be available through the cloud? If so, which cloud provider are you working with?

As a Microsoft Partner with Gold Competencies in Application Development, Application Integration, Data Analytics and DevOps, all the applications we build are cloud-based and deployed on Azure.

Microsoft's website states that Azure has enabled the physical, technical, and administrative safeguards required by HIPAA and the HITECH Act inside the in-scope Azure services and offers a HIPAA BAA as part of the Microsoft Product Terms. This helps support your efforts to achieve HIPAA compliance.

How will you assure quality for the product? What does quality assurance look like in your company?

The software development team that will work on your project will team up with dedicated software testers. A combination of agile and hybrid methods will be implemented to achieve a better-quality HIPAA compliant software application. Clients can also track reported bugs through the monitoring tool provided.

What technological stack will you use for my product?

The technology stack we use to develop new software includes the following:

  • Frontend: AngularJS, NodeJS, JQuery
  • Backend: C#, .NET, NodeJS, SQL Server

These technologies are scalable and easier to maintain than other technologies. Although we prefer this technology stack for developing new software applications, the technical competency of our software engineers is not limited to it. We can adapt to other technologies used in existing systems that require enhancement or remediation.

What do the product launch and post-launch support look like?

When a version of the software is launched, we will have a team of developers, testers and database administrators standing by to address issues in case they occur. Once the final release of the software has proven stable, support will continue for a certain number of hours before the project is signed off. If the OCR finds missing safeguards which are not new requirements by HIPAA law, we will remediate them at no cost.

HIPAA adds to its requirements from time to time, so we will do our best to keep you informed of the new provisions of the HIPAA law.

To further support your efforts to keep your software compliant, we can provide plans to keep track of its performance, test for vulnerabilities that hackers may exploit, and improve and update your software application as needed.

In what way will you keep me informed about the development progress and its key metrics?

Besides regular virtual meetings, FilAm Software will provide a project monitoring tool to keep you updated about what is going on with your product's development. It updates you with the project’s progress, remaining budget, and team performance.

What if you don’t deliver or I’m not happy with the outcome?

FilAm Software has been developing software solutions for the healthcare industry for over a decade now. We can deliver. To meet your expectations of the result, we will need you to approve the architecture and design proposal before we proceed with its development. Proposed improvements or changes that may occur along the way will also require the approval of the client.

Do you have data breach insurance?

It is our policy not to use live data during software development and testing on projects that manage ePHI. We create our own test data to avoid data breaches. While it is impossible for us to cause data breaches during this stage of software development, other things can happen when the software is released. A software glitch can slip through that could lead to data loss or compromise the integrity of the data.

Besides the risk management we have in place that protects both our customers and us from violating the HIPAA law, we have cyber liability insurance in case it is proven that actions were not taken to remediate known software issues or that violations were committed by us.

To learn how we comply with HIPAA security and privacy rules, you can get a copy of our Software Development Risk Analysis and Risk Management by filling out this form.
