The Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects most “identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper or oral. The Privacy Rule calls this information Protected Health Information (PHI). Under US law, PHI is any information in a medical record that can be used to identify an individual and that was created in the course of providing a healthcare service, e.g. diagnosis or treatment.
This means that whenever you build a mobile or cloud application that stores PHI for use in a clinical setting, your application must be HIPAA compliant.
What is HIPAA compliance? Have a look at the following components of HIPAA compliance:
Business Continuity Plan
Cloud Security Services
Compliant Cloud Security Architecture
Compliance in the Cloud
Software Development and Maintenance
Communications and Operations Management
Physical and Environmental Security
There is actually more to HIPAA, but we haven’t gotten through documenting all of the details. If you’re interested in Healthcare Security, please contact us.