If you're going through a HIPAA security audit by a hospital or payer compliance office, auditing and logging will show that your application is secure.

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.

There's confusion around the MACRA, MIPs, and APMs goals. It begs the question, Is Meaningful Use dead? Learn the MIPS APM and MACRA acronyms and more.

To understand FHIR, you must understand the FHIR Resource Object. This entry will help explain its origins and intent with links to help.

The FHIR standard is based on API routes but what should the API route look like? Learn general design principles and guidelines to build RESTful APIs.

The FHIR acronym stands for Fast Healthcare Interoperability Resources. FHIR is a new open sourced interoperability standard of the HL7 organization.

HITRUST certification by the HITRUST Alliance enables vendors and covered entities to prove HIPAA compliance based on a standardized framework.

HIPAA attestation is everywhere but are they really compliant? Companies can self-attest to HIPAA compliance because there are no HIPAA certifications.

This post discusses HIPAA and different types of hosted infrastructure options, answering the question of why HIPAA is not PCI.

Understanding the HIPAA breach policy and having a breach notification checklist can prepare you in case of unauthorized disclosure of ePHI.

With ePHI access, business associates are required to sign a HIPAA business associate agreement (BAA). Learn more about business associate agreements here.

Let's walk through the names, players, and timelines for delivering your first HL7 Epic integration or any other EHR integration like Cerner or Allscripts.

HL7 is a healthcare industry standard for messaging between applications, for example from EHR to PMS. Learn HL7 basics, including HL7 v2 and v3.

The HIPAA acronym stands for the Health Insurance Portability and Accountability Act. This HIPAA primer covers HIPAA 101 basics, meaning, entitities, etc.

The HL7 acknowledgment message, HL7 ACK, is critical for smooth, ongoing HL7 communication. Learn the nuances of HL7 ACK messages, segments, and codes.

This deep dive explains HL7 message types, message structure, message segments, codes, fields and the complete anatomy of an HL7 message.

GxP stands for "Good Practice" and is a set of operational controls for Life Sciences organizations working within the confines of the FDA. Learn more about GxP compliance.

GxP does not have the concept or BAAs or contracts that outline risk like HIPAA does. There is no concept of inheritance or chaining liability. Learn more here.

The recent announcement by AthenaHealth that their APIs had been called one billion times serves as both a milestone for the use of APIs in healthcare and a reminder that API quality is as important as quantity.

GDPR compliance is an imperative starting May, 2018 for companies who work with data on EU citizens. Understand the fines and penalties in Article 83.