-2

I am developing a Medical Billing Software and should be HIPAA complaint. My current architecture is using separate database for each tenant. But I need to change it to a Multi tenant architecture. So Is there any problem for HIPAA with Multi tenant architecture ?

Is it possible to get any Document/Proof related to this topic ?

John Saunders
  • 160,644
  • 26
  • 247
  • 397

1 Answers1

1

"One database per tenant" is a multi-tenant architecture; others on the architectural spectrum include "one schema per tenant" and "every tenant shares every table". See, for example, this SO answer, and especially the linked article at the end.

As far as I can tell, HIPAA doesn't prohibit "every tenant shares every table". Your source for proof should be somewhere on the US Dept of Heath and Human Services web site.

Community
  • 1
  • 1
Mike Sherrill 'Cat Recall'
  • 91,602
  • 17
  • 122
  • 185
  • 1
    Source of proof is a hard one with HIPAA. You may find it on the HHS site if you're going to find it anywhere. I think most vendors consider their audit reports to be the source of proof. – Travis Good Aug 25 '14 at 16:07