I'm doing some research into solutions to convert very sensitive documents from a FHIR API into readable PDF files, and my biggest concern is HIPAA-compliance. Is any data stored using the PyPDF libraries?

Thank you so much!

Can't find any real answers on if data is exchanged during the PDF creation to a server. If anyone has any recommendations for this process as an alternative I would be forever grateful as well.

  • In general, data manipulation and formatting libraries never store anything unless you explicitly tell them to. – Barmar Aug 16 '23 at 18:20
  • What part of HIPAA-compliance are you concerned about? Just like this, the question is too broad. Pypdf is not certified is the only thing I can say (which doesn't mean it's not compliant - it just means we are a small-ish project with no resources for certification) – Martin Thoma Aug 19 '23 at 15:34
  • @Martin - I'm concerned over server side conversions and if any PHI is actually sent to a server and retained for any amount of time. Our company requires a BAA with any exchanges of information to any external source. I'm just trying to take every precaution necessary if I can! I appreciate your response! – John Pazienza Aug 24 '23 at 19:27
  • pypdf runs purely local. It will always stay like that as long as I'm maintainer. – Martin Thoma Aug 25 '23 at 06:53

1 Answer

pypdf is executed locally only. It does not make any requests to other servers. It will stay like that as long as I'm the maintainer of pypdf (and I don't see anybody attempting to change that).

One piece of fine print: Our test suite does use PDF documents from external sources. We don't upload anything to another server, but we download files for testing. They are marked with enable_socket and thus can be excluded via pytest -m "not enable_socket". If you don't execute the pytest tests, you don't have to think about that.

Martin Thoma
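The "runs purely local" statement in the answer above can be checked in your own environment. The following is an added example, not part of the original answer or of pypdf's own code: it blocks Python-level sockets and DNS lookups while pypdf writes and re-reads a PDF, so any network attempt raises instead of silently succeeding. The names `no_network`, `attempts_network` and `pypdf_roundtrip_offline` are made up for this example, and it assumes pypdf is installed.

```python
import contextlib
import io
import socket

class NetworkAttempt(RuntimeError):
    """Raised when guarded code tries to open a socket or resolve a name."""

class _BlockedSocket(socket.socket):
    def __new__(cls, *args, **kwargs):
        raise NetworkAttempt("socket creation attempted under no_network()")

def _blocked_getaddrinfo(*args, **kwargs):
    raise NetworkAttempt("DNS lookup attempted under no_network()")

@contextlib.contextmanager
def no_network():
    """Block Python-level sockets and DNS lookups inside the with-block."""
    # Limit: native extensions and subprocesses bypass this guard, so pair
    # it with an OS-level egress control where that matters.
    saved = (socket.socket, socket.getaddrinfo)
    socket.socket, socket.getaddrinfo = _BlockedSocket, _blocked_getaddrinfo
    try:
        yield
    finally:
        socket.socket, socket.getaddrinfo = saved

def attempts_network(fn):
    """Run fn under the guard; True means it tried to reach the network."""
    try:
        with no_network():
            fn()
    except NetworkAttempt:
        return True
    return False

def pypdf_roundtrip_offline():
    """Write and re-read a one-page PDF with pypdf while the guard is active."""
    from pypdf import PdfReader, PdfWriter  # third-party: pip install pypdf
    with no_network():
        writer = PdfWriter()
        writer.add_blank_page(width=612, height=792)  # constructed sample page
        buf = io.BytesIO()
        writer.write(buf)
        buf.seek(0)
        return len(PdfReader(buf).pages)

if __name__ == "__main__":
    print("pages read with network blocked:", pypdf_roundtrip_offline())
```

Wrapping your real conversion function in `attempts_network` in a CI test gives a regression check that a future dependency change has not introduced outbound calls.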