HIPAA software compliance tips

Healthcare, Software development / 30.05.2017

We’ve been working on several healthcare application development projects for both web and mobile. We’d love to show some detailed case studies once the new products are live, but for now, we’ve analyzed the specifics of web development in this business vertical and have some tips on developing HIPAA compliant software:


Transport Encryption – Encryption of the communication between system components. For example, the front end or mobile app should talk to the backend only over an encrypted channel. For HTTP this means HTTPS (TLS). For any other transport, encrypt the data before sending it and decrypt it on receipt, using an algorithm such as RSA.


Backup – Data from all possible sources must be stored in an additional location, and it must always be possible to recover this data. Please pay attention to the point below called Storage Encryption: backups must also be well encrypted, so that nothing can be “pulled” out of them, and it must not be possible to overwrite the data in them (see Integrity).


Authorization – This one is pretty simple. No data that falls under the notion of “medical information” may be publicly available. To access such data, a user must first be authenticated and authorized.


Integrity – It must be impossible for an unauthorized person to alter or swap data. Encryption helps here. You can also compute hashes of the data and store them somewhere far away from the data itself, then periodically compare the stored hashes against the data to confirm that nothing has been changed.
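As an added example (not code from the original post), the following Python script implements the integrity scheme described above: each record is hashed, the hashes are kept in a registry that would live apart from the data store, and a periodic check reports which records are intact, tampered with, missing, or unregistered. The records, the key and the record ids are constructed for the demo. The script goes one step beyond the text by using a keyed hash (HMAC-SHA-256) rather than a plain hash, so that someone who can modify the data but does not hold the key cannot recompute a matching digest; with a plain hash the registry’s separation is the only protection.

```python
import hashlib
import hmac
import json

# Constructed sample records; these are not real patient data.
RECORDS = {
    "rec-001": {"patient": "A. Example", "diagnosis": "J06.9"},
    "rec-002": {"patient": "B. Example", "diagnosis": "I10"},
}

# Hypothetical integrity key for the demo. In a real deployment it is kept
# with the hash registry (e.g. in a KMS or HSM), never beside the data store.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"


def canonical_bytes(record: dict) -> bytes:
    """Serialize a record deterministically so equal content yields equal digests."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def digest(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """Keyed SHA-256 (HMAC) over the canonical form of one record."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def build_registry(records: dict) -> dict:
    """Hash registry (record id -> digest) to be stored apart from the records."""
    return {rid: digest(rec) for rid, rec in records.items()}


def verify(records: dict, registry: dict) -> dict:
    """Compare the live records against the registry and classify each id."""
    status = {}
    for rid in sorted(set(records) | set(registry)):
        if rid not in registry:
            status[rid] = "unregistered"   # appeared without a recorded digest
        elif rid not in records:
            status[rid] = "missing"        # registered but no longer present
        elif hmac.compare_digest(digest(records[rid]), registry[rid]):
            status[rid] = "ok"
        else:
            status[rid] = "tampered"       # content changed since registration
    return status


def demo() -> dict:
    """Register the records, simulate unauthorized changes, then re-check."""
    registry = build_registry(RECORDS)
    live = json.loads(json.dumps(RECORDS))             # deep copy of the data store
    live["rec-002"]["diagnosis"] = "Z00.0"             # simulated silent edit
    del live["rec-001"]                                # simulated deletion
    live["rec-003"] = {"patient": "C. Example", "diagnosis": "E11.9"}  # unregistered insert
    return verify(live, registry)


if __name__ == "__main__":
    for rid, state in demo().items():
        print(f"{rid}: {state}")
```

Run the check from a scheduled job on a host that holds the registry and key but not write access to the data store, and alert on anything other than "ok". The deterministic JSON serialization matters: the same record must always hash to the same value, or every check would raise false alarms.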


Storage Encryption – Medical data must be securely encrypted at rest. In the case of backups, it is very important that they also be encrypted.


Disposal – The data owner must be able to permanently delete their medical data.


Hosting – The server hosting must also meet certain requirements. If you use a hosting service provider, the provider must not have access to your data. If the server is self-hosted, then even you should not be able to read the owner’s medical data.

So, to sum up, you should keep these pointers in mind when working on a HIPAA compliant healthcare app.

If you’d like to discuss your healthcare software application development plans with us, and get a free quote, please contact us.
