1

I'm working on an application following HIPAA guidelines. One of the requirements is that all data stored on any device must follow encryption standards. That being said, any device with names or sensitive personal information (ePHI) must be encrypted in case of malicious intent.

Does MongoDB data remain encrypted in MiniMongo, or is it possible to encrypt MiniMongo data itself?

2 Answers

2

I received additional details answering this question via contacting Abigail Watson as per Dan's suggestion.

The short answer is yes, the data comes in encrypted to MiniMongo and the browser has the ability to see the decrypted information.

The longer answer is that Meteor is almost HIPAA compliant out of the box. Since the regulations were made in 1996, they are a little nebulous when it comes to what you can get in trouble for due to their age. As long as the data is encrypted and secure on the server with SSL/TLS certified encryption, has unique user ids/roles/passwords, and a HIPAA audit log, we are following the conventions.

Playing it safe and doing data wipes on local servers and making the data intelligently encrypted should help protect us and ePHI.

1

MongoDB data will be transmitted as is to the client over the wire (that is, encrypted). Once on the client though, it has to be decrypted in order to be displayed to the user. So I think you're within the guidelines.

For more information,

Dan Dascalescu
Thanks for the help, my worry with Mylar is that the official release hasn't been updated in a year and the unofficial updated release has some issues. I pinged Abigail. Again, I appreciate the quick response. – Clark Hinchcliff Feb 09 '15 at 23:59
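On the question's second half (encrypting the client-side copy itself), here is a field-level encryption sketch, added as an example and not taken from either answer, from Meteor or from Mylar. It assumes Node.js, a plain `Map` standing in for the client-side cache, constructed field names and sample values, and a key derived from a user secret that is held only in memory.

```javascript
// Added example: ePHI fields are sealed before they enter a client-side cache.
const crypto = require('crypto');

const EPHI_FIELDS = ['name', 'diagnosis']; // constructed field names (assumption)

// Derive a 256-bit key from a user secret. The salt can be stored; the key stays in memory.
function deriveKey(passphrase, salt) {
  return crypto.pbkdf2Sync(passphrase, salt, 210000, 32, 'sha256');
}

// AES-256-GCM with a fresh 96-bit nonce per value. The document id and field name
// are bound as associated data, so a ciphertext cannot be moved to another slot.
function encryptField(key, docId, field, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${docId}:${field}`));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the key is wrong, the blob was altered, or it belongs to another field.
function decryptField(key, docId, field, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${docId}:${field}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Seal only the ePHI fields; other fields stay readable for queries and sorting.
function sealDoc(key, doc) {
  const out = { ...doc };
  for (const f of EPHI_FIELDS) if (f in doc) out[f] = encryptField(key, doc._id, f, String(doc[f]));
  return out;
}

// Decrypt at display time only; the cached copy remains ciphertext.
function openDoc(key, doc) {
  const out = { ...doc };
  for (const f of EPHI_FIELDS) if (f in doc) out[f] = decryptField(key, doc._id, f, doc[f]);
  return out;
}

// Constructed sample data.
const salt = crypto.randomBytes(16);
const key = deriveKey('constructed-passphrase', salt);
const cache = new Map(); // stands in for the client-side collection cache (assumption)
const sealed = sealDoc(key, { _id: 'p1', name: 'Jane Roe', diagnosis: 'J45.909', room: 12 });
cache.set(sealed._id, sealed);
```

As both answers note, the values are still plaintext in browser memory once they are decrypted for display; this only keeps the cached copy opaque.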