The major part of security in healthcare is HIPAA, and the HIPAA rules changed in late 2013 with the new HIPAA Omnibus that adds subcontractors entities.

RESTful APIs are the backbone of many webservices today. Having the tools to integrate an not-natively-RESTful interface engine with this common standard opens a lot of possibilities. In the healthcare space, queuing the HL7 properly is critical. In this article, we explore ways to do this properly.

HIPAA requires that business associates and covered entities retain multiple types of data for at least six years. Learn what data you need to retain.

High performance scores and ratings can be a strategic advantage over competitors. Understand MIPS, including qualifiers, scoring, and threshholds.

If you're going through a HIPAA security audit by a hospital or payer compliance office, auditing and logging will show that your application is secure.

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.

There's confusion around the MACRA, MIPs, and APMs goals. It begs the question, Is Meaningful Use dead? Learn the MIPS APM and MACRA acronyms and more.

The FHIR standard is based on API routes but what should the API route look like? Learn general design principles and guidelines to build RESTful APIs.

To understand FHIR, you must understand the FHIR Resource Object. This entry will help explain its origins and intent with links to help.

HITRUST certification by the HITRUST Alliance enables vendors and covered entities to prove HIPAA compliance based on a standardized framework.

HIPAA attestation is everywhere but are they really compliant? Companies can self-attest to HIPAA compliance because there are no HIPAA certifications.

This post discusses HIPAA and different types of hosted infrastructure options, answering the question of why HIPAA is not PCI.

With ePHI access, business associates are required to sign a HIPAA business associate agreement (BAA). Learn more about business associate agreements here.

Let's walk through the names, players, and timelines for delivering your first HL7 Epic integration or any other EHR integration like Cerner or Allscripts.

The HIPAA acronym stands for the Health Insurance Portability and Accountability Act. This HIPAA primer covers HIPAA 101 basics, meaning, entitities, etc.

The HL7 acknowledgment message, HL7 ACK, is critical for smooth, ongoing HL7 communication. Learn the nuances of HL7 ACK messages, segments, and codes.

This deep dive explains HL7 message types, message structure, message segments, codes, fields and the complete anatomy of an HL7 message.

GxP stands for "Good Practice" and is a set of operational controls for Life Sciences organizations working within the confines of the FDA. Learn more about GxP compliance.

GxP does not have the concept or BAAs or contracts that outline risk like HIPAA does. There is no concept of inheritance or chaining liability. Learn more here.

The recent announcement by AthenaHealth that their APIs had been called one billion times serves as both a milestone for the use of APIs in healthcare and a reminder that API quality is as important as quantity.