I’m trying to find some information on Hippa compliance for medical document storage for an app I’m building. Can someone point me to what I need to read/know in order to comply with Hippa regulations?
Heh, have to deal with HIPAA compliance at work constantly (this is why my system is not open sourced actually).
First, what do you know about HIPAA compliance? If you are building software that must be certified then prepare to shell out a lot of money and go through some very, very grueling tests that take a very long time (they love to go well past their timeframes).
Basically think user security, then take that to an extreme. No giving out any user information that is personally identifiable (and the non-personally identifiable has to be vetted). Everything must be encrypted, preferably at run-time as well but not always required (thank goodness). And it just gets worse and worse.
It is a pain, but I’d really start on Wikipedia’s HIPAA page. Then just Google. And the best way to know how to comply with HIPAA regulations is your local company lawyer and the government regulators.
Now everyone knows why I’m so hushed about my main product…
> I’m trying to find some information on Hippa compliance for medical document
> storage for an app I’m building. Can someone point me to what I need to
> read/know in order to comply with Hippa regulations?
HIPAA, not “Hippa”, FWIW.
Start here: https://www.hhs.gov/hipaa/for-professionals
AWS offers some HIPAA-compliant services (including S3) and
that definitely helps simplify the technical side; a lot of compliance
is defining/documenting policy and process though.
You have been lucky that there are at least two members that knew that abbreviation/term, but whenever you introduce terms, especially ones that are foreign to the domain “elixir”, please provide a short explanation of that term or a link to its homepage/Wikipedia entry. Sometimes people that don’t know the term but have knowledge in a similar domain are able to help you out at least for a kickstart, just by glancing at the linked websites and transferring some experiences from their domain.
HIPAA is as common a problem for stateside devs as VAT is for euro devs. It’s far from an obscure term.
Even for VAT I would be happy to get a link. There was a time I didn’t know that term but only the German abbreviation. Also, dealing with VAT is not common in my day job since we do not sell any software that deals with finance.