> we believe the best ethics panel will come from the users
Not when it comes to HIPAA compliance. This isn't about finding the best ethical code of conduct for privacy (which can be tricky), but simply abiding by existing and well-defined rules; all users agreeing you're a paragon of virtue doesn't matter much if you break said law once it does apply to you.
Please understand I've no wish to rain on your parade; it's just that I know all too well dealing with HIPAA can cause some headaches, but that's part of the game when working in anything connected to healthcare in the US.
That's true, for HIPAA compliance, there is no negotiation and we will meet that standard.
But there inevitably will be some user concerns that fall outside of HIPAA compliance. So, we see HIPAA+HITECH as a minimum requirement. We don't expect it to be sufficient, however, and that's where user feedback, the "user ethics panel" if you will, comes in.
Not when it comes to HIPAA compliance. This isn't about finding the best ethical code of conduct for privacy (which can be tricky), but simply abiding by existing and well-defined rules; all users agreeing you're a paragon of virtue doesn't matter much if you break said law once it does apply to you.
Please understand I've no wish to rain on your parade; it's just that I know all too well dealing with HIPAA can cause some headaches, but that's part of the game when working in anything connected to healthcare in the US.