
I have come across the term HIPAA compliance.

Is it just encryption on data in the database or something else?

Do I need to integrate with a third-party website like "truevault", or can I do it in my local database?

Jigar Shah

1 Answer

This is simply a set of rules you must follow to become compliant (although there are quite a few and they are fairly large). They consist of Technical Safeguards, Physical Safeguards and Administrative Safeguards to ensure data security. Read up here:

https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/

or

https://www.truevault.com/blog/how-do-i-become-hipaa-compliant.html

There are a number of points addressed, and I would recommend hiring/engaging with a professional if you are trying to achieve this in a solution you are designing, as you probably will not be able to achieve it comprehensively without a whole lot of research...

The relevant parts seem to be:

Specifically, covered entities must:

  • Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against reasonably anticipated, impermissible uses or disclosures; and
  • Ensure compliance by their workforce.

Milney
  • Do I need to integrate with a third-party website like "truevault", or can I do it in my local database? – Jigar Shah Jan 12 '17 at 11:23
  • It is not just relating to databases.... While you don't NEED to integrate with anyone - you do need to ensure all rules are met, and there are quite a few. Please read the links I put in my answer. They include things like physical access to the data, how you manage and store the data, and how and by whom it is accessed. It is not a quick or easy thing to achieve, hence my suggestion to hire a professional. – Milney Jan 12 '17 at 11:24
  • Just to emphasize this: "HIPAA violations can reach a maximum penalty of $50,000 per violation, with an annual maximum of $1.5 million, which underlies the importance of building HIPAA compliant software properly". If you are not fully aware of all the implications of this, you should certainly hire someone who is, as you will most likely miss a small part which can be very, very costly to both yourself and/or any clients. – Milney Jan 12 '17 at 11:27