Developers Guide to HIPAA Compliance
=================================
Version 1.0
About
This guide is designed to provide developers with a solid understanding of HIPAA guidelines and their implications for application development.
HIPAA was originally written in 1996, well in advance of the consumer Internet and a decade ahead of the first iPhone. Therefore, many of the rules and provisions deal with security and privacy issues from a world that didn't have a notion of apps, smartphones, and wearables. And while it's been amended to address privacy and security for the web, the complexity and wide-sweeping nature of the law makes teasing out the exact details to ensure compliance a bit cumbersome.
Further, unlike PCI, there is no certification entity that can provide developers a rubber stamp of compliance approval. It's up to developers and companies alike to ensure compliance requirements are implemented properly.
This guide will give you enough information to give you a strong understanding of HIPAA without getting bogged down in the legalese. We've tried to keep it straight forward, written in plain language.
Table of Contents
01 — Introduction
- 2013 Final Omnibus Rule Update
- Why this guide?
- Who is this guide for?
- Build on our work
- Questions/Feedback
- Mandatory Disclaimer
02 — What is HIPAA?
03 — Do I Need to Be HIPAA Compliant?
04 — HIPAA Security Rule
06 — Who Certifies HIPAA Compliance
07 — HIPAA Fines
- Build vs. Buy
- Unintended Use Cases
- HIPAA Hosting and Compliance
- Does Using HIPAA Hosting Make My Application HIPAA Compliant?
- What Data Should Be Stored in HIPAA Compliant Hosting Environments?
- What Makes a Hosting Environment HIPAA Compliant?
- Network and Application Security
- High-Availability and Redundancy
- Required vs. Addressable HIPAA Implementation Specifications
09 — Mobile Applications
11 — Apple HealthKit and iOS 8
12 — About TrueVault
- Built for Developers Like You
- HIPAA Compliant
- BAA + Insurance
- Startups
- Mobile Apps
- Web Apps
- Wearable Health Tech Devices
- Why People Like TrueVault
- Try TrueVault for Free
About TrueVault
TrueVault is a HIPAA compliant API and secure data store that makes meeting the technical safeguard requirements of HIPAA easy for developers. Think of us like Stripe, but instead of payments, we make sure your app is checking all the boxes for HIPAA security and privacy. Learn more
Disclaimer
We're not lawyers. Nothing in this guide constitutes legal advice. Talk to one if you have specific questions regarding your application and HIPAA compliance.