Printable View
I currently work on a hospital as an I.T./Programmer but I was not the one who made our system. Now, another hospital wants me to make a program for them similar to our system, will I be violating any Intellectual Property rights if I would make a similar system although I will not copy it?
I think if the program includes things common to the running of a hospital then that is fine but if it is something implemented just for use in one particular hospital then again how many different ways are there to record patient care, etc?Quote:
Originally Posted by dee-u
Doing further research on the matter I have found that it is the property of the Hospital that first commissioned the work. However, they may allow the other hospital joined use under certain conditions. Read this for more detail
Well, the system we are using here is a commercialized one which is being used by many hospitals here but it costs a lot and the other hospital want to lessen the cost so they are trying to commission me to make one for them.
I find this idea a little puzzling since in most countries there are some tough regulations about things a hospital can, cannot, must, and must not do with patient information. This would generally preclude any attempt at home grown solutions, since getting one certified could easily cost more than just going with an existing certified package.
Now that you said it, yeah, I should go looking for such regulations since I am not aware if there are existing or not.
Some of the software I develop is for the health-care field. Yes - there are privacy reg's in the US (HIPAA regulations) - but I cannot imagine that most countries have these (we like to create over-the-top laws in the US - keeps our congress and senate busy doing things that have nothing to do with fixing the country).
This sounds like a great opportunity for you to take skills you have and make a product that can be re-sold.
Care to cite the basic rules of HIPAA Sir so I may not violate anything even if that law is not yet implemented here?
HIPAA's all about privacy. When HIPAA was implemented we had to do things like make sure that the health-processing office doors had locks with numeric-key-codes assigned to each person needing access. That way a log of who went in and out of the office was in place. Had to make the windows on the door be one-way reflective glass. Had to make sure that monitors were turned away from the middle of the office space so that only the person working would see the data - not someone casually walking by.
Had to modify my software so that even though a user had all the printers in the building available, that only certain HIPAA-secure printers could be used for certain reports. Thin-client machines and not actual workstations were put in place - no DVD or CD burners - no way to make a floppy (they still existed in the last 90's).
Pharmacies all over the US had to put in a line-control mechanism that made sure you waited several feet away so you could not over hear the person in front of you telling the pharmacist their name.
When we send data to warehousing companies that compile health-use statistics we needed to depersonalize it. We could not give the full zip-code of the person - needed to trim off the last two digits so it was only a ZONE and not specific. That way the one person in the stat list with cancer or aids would not be pegged to a particular neighborhood. A famous tennis player - Arthur Ashe - died of aids years ago and his records were sold to the media. That disclosure of private health records was a huge factor in the US gvmt creating the HIPAA regulations.
HIPAA has many facets - also talks to electronic transmission of health care data - EDI and such. When our gvmt creates a huge regulation they like to salt it with some kind of payoff provision - EDI was supposed to do that (but I still see paper printed constantly - that fact is never going away!!).
Here's a link
http://www.hhs.gov/ocr/privacy/
Bottom line - if your country does not have these regulations then it's noble of you to attempt to attain some level of HIPAA compliance. But it's a bigger picture then that...
Three things come to mind...
1) HIPPA laws... but that's more of a US regulation, so may or may not apply in this case. They are stringent and careful consideration must be taken in ensuring that they are followed properly, documented and potentially CERTIFIED.
2) Intellectual Property or IP restrictions... again, this may vary depending on the prevailing laws where you are. You have to be careful that anything you wrote for company A isn't a trade secret or otherwise belongs to Company A... by agreement of my employment, technically ANYTHING I write while using company equipment, including a quick and dirty password generator, belongs to my employer since I used their resources to do it. Fortunatley there is some sense (usually) of common sense in this regard as I've never heard anyone sued for making said pwd generator and taking it with them later after leaving the company. But, if I were to develop a completely new app that was large enough and start to make money with it... the burden would be on me to show I didn't use any company resources in its development.
3) Non-compete clauses... many companies have these in their terms of employment.... while at company A, I cannot go to work for Company B, nor any of OUR client, or their clients where I'd be doing the same function or similar function that I do now. Even if I'm fired or laid off... I can't go for any job that would put me in competition with the company directly for a year. It used to be 2 years. Other places I've worked had 6-month agreements, and some didn't even have one (when you're the only one in town, there's no competition to go work for).
-tg
I think you have a lot of good information posted in this thread already. It all comes down to what you signed in agreement when you got hired on by your employer.
Just about everything will be based upon that agreement. If nothing was spelled out then you have free reign, just dont do the work at work and dont use any of the same code unless it is generic and logically non-proprietary.
It seems a little odd that the same country came up with HIPAA and Prism, does it not? The only situation remotely similar to all that monitor hiding and so in the UK is the Queen's annual tax audit! As for pharmacies, if you had to stand far away enough for the counter conversation to be inaudible you'd be in a completely different shop or standing in the middle of the road round our way.
HIPAA was way before 9/11. Although there was already lots of monitoring before that Americans signed up for the Patriot act and let civil liberties fall by the wayside in reaction to 9/11. Started a couple of wars too:eek:Quote:
Originally Posted by dunfiddlin