With expert authors:
When a digital health product stores, processes, or transmits PHI, HIPAA asserts rules for how it should handle a multitude of security, privacy, and policy procedures, called “controls”. Demonstrating that your company and your digital health product meet all those controls is how you can call yourself compliant.
HIPAA controls can be conceptually organized into three levels: infrastructure, application, and company. This guide dives into all the under-the-hood considerations you must manage at the application level to ensure your application meets the security requirements required for healthcare data.
Following this guidance will enable you to get through an audit process and help you more successfully engage with healthcare customers.
The HIPAA Compliance at the Application Level guide includes information and checklists for:
Your responsibility for HIPAA
Understanding your application's usage including access, credentials & provisioning, ACLs, and usage audits
Alignment with customer processes and needs, including business continuity, training & support, data onboarding and backload, collecting user and outcomes data, and upgrading the app