I'm sure that other people have run into this before. How do you handle HIPAA regulations? If someone posts something semi-private about another individual, even well-meaning and asking for prayer, that can cause problems with HIPAA laws and get the church in a lawsuit. Is there any way to allow posting prayer requests, but not letting them be visible unless you're logged in and a member of a certain group? I know that we can moderate requests, but as far as I know, once a post has been submitted, it's visible to whoever can see that page.

Looking for advice and best practices around this if anyone has some experience.

Thanks.

-Pete

Unless you are a healthcare-related business, HIPAA does not apply. From the HIPAA website (http://www.cms.hhs.gov/HIPAAGenInfo/06_AreYouaCoveredEntity.asp):

The Administrative Simplification standards adopted by Health and Human Services (HHS) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) apply to any entity that is:
a health care provider that conducts certain transactions in electronic form (called here a "covered health care provider").
a health care clearinghouse.
a health plan.

I'll have to get more details from our church. From what I understand, they actually had a lawsuit come up and lost due to the HIPAA regs. Besides, I know that we have had corporate training at my workplace about not discussing health concerns of others due to possible HIPAA violations. I'm trying to get some more details about that right now, but I think this would be a good practice anyway. I can definitely see the desire to "post" a prayer request and only have the prayer team (perhaps different prayer teams?) pray for those requests.

I've also been bitten as a SS teacher when someone posted a very long rant against her soon-to-be-ex-husband to our SS distribution list (not moderated at the time, sadly). I'd hate to have something similar show up for everyone to see. Something along the lines of, "Please pray for me as my spouse {name} regularly beats me and the kids, goes drinking every night @ {location}, gets drunk, and does ...." Obviously we can moderate to an extent, though that's an extra burden on someone or a group of someones. Ideally, I'd like to not have to worry as much about that sort of posting. Had I not encountered it before, I'd probably be less concerned, but there are definitely issues we don't want posted and don't want people finding through either an Archive search (e.g. Wayback machine) or just happening across.

-Pete