Reputation: 93
I am working on a health startup that deals with personal records of patients, and it is essential for us to be HIPAA compliant. I heard of TrueVault, a company that provides a RESTful API for the transfer of data.
Does using TrueVault for this automatically make my web app HIPAA compliant? The company is not too open about it, and as far as I have read, the company seems to suggest this notion. Does anyone have any idea whether this is true, or are there other things I need to take care of?
My app is based on CodeIgniter Framework (PHP).
Upvotes: 1
Views: 926
Reputation: 112
This question has been covered in detail on Quora as well - http://www.quora.com/Health-Insurance-Portability-and-Accountability-Act-HIPAA/Becoming-HIPAA-Compliant-Should-you-use-a-Backend-As-A-Service-or-a-HIPAA-Server-Why. Might want to look there for additional responses.
Upvotes: -1
Reputation: 4322
Disclaimer: I'm the founder and CEO of TrueVault.
The short answer is that any data you store in TrueVault will meet all the HIPAA Technical and Physical Safeguard implementation details. However, there are other non-technical requirements you will need to put into practice. For example, you will need to make sure your organization meets all the Administrative Safeguards requirements as well (for which services like Accountable are well suited).
Ultimately, it is each organization's responsibility to ensure it is fully HIPAA compliant even if certain covered activities are delegated to other Business Associates. So you should always talk to your Business Associates and inquire how they are meeting each implementation detail for you. And make sure your Business Associates will sign a Business Associate Agreement with you.
Don't hesitate to give us a call or email us if you have any TrueVault questions.
Upvotes: 4
Reputation:
No, it does not. The HIPAA Security Rule covers all systems that deal with EPHI (electronic private health information), even if they do not store it themselves. Using TrueVault to store EPHI does not exempt you from HIPAA requirements; it just means you don't need to deal with some of the parts about data storage.
If you are unsure of how to handle HIPAA requirements, talk to a lawyer. (In fact, you should probably talk to a lawyer about this anyway.)
Upvotes: 4