Forum Discussion

SeanPadian's avatar
Qrew Trainee
4 years ago

HIPAA Compliance and QuickBase...

Building HIPAA Compliant Applications with QuickBase


What is HIPAA?

HIPAA Compliance Overview

How to Ensure HIPAA compliance when using Quick Base


What is HIPAA?


HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding electronic Protected Health Information (ePHI).  HIPAA was created primarily to modernize the flow of healthcare information, stipulate how ePHI maintained by healthcare industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.


HIPAA Terminology


Covered Entity - A covered entity is a health care provider, a health plan or a health care clearing house who, in its normal activities, creates, maintains or transmits PHI. 

Business Associate - A "business associate" is a person or business that provides a service to – or performs a certain function or activity for – a covered entity when that service, function or activity involves the business associate having access to PHI maintained by the covered entity. 


The Customer is the Covered Entity and Quick Base is the Business Associate.


HIPAA Compliance Overview


The HIPAA Privacy Rule addresses how PHI can be used and disclosed, while the Security Rule mandates Administrative, Physical, and Technical Safeguards.


HIPAA Security Rule Requirements


Administrative Safeguards

Physical Safeguards

Access Controls


Administrative Safeguards


Access Controls:

Access management - employees only see the "minimum necessary" information to do their job

Authentication of the identity or individual seeking access.

Session controls (inactivity logoff)

Data encryption (in motion and at rest)


Audit controls:

Mechanisms for recording and examining activities pertaining to ePHI within the information systems.


Password Management:

Procedures for creating, changing, and safeguarding passwords


Data Backup Plan:

Establish & implement procedures to create and maintain retrievable exact copies of electronic protected health information


Disaster Recovery Plan:

Establish & implement procedures to restore and loss of data


Emergency Mode Operation Plan:

Business continuity and disaster recovery plans are developed and approved annually



Physical Safeguards


Facility Security Plan:

Implement policies & procedures to safeguard the facility and equipment from unauthorized physical access, tampering, and theft


Data Backup & Storage:

Automatic full backups of customer production data each day

Replicates production data to backup data center every 4 hours


We enable our customers to build HIPAA compliant applications on our platform.  By leveraging this shared responsibility model, together we share the administration responsibilities and setting controls where appropriate.


Further Information

This year's audit includes a HIPAA Attestation which validates Quick Base is a HIPAA compliant platform which customers may build HIPAA-compliant apps on.  This report can be sent to customers under contract or prospects under NDA.


Click here for our marketing website for Security & Compliance Info

Sean Padian
No RepliesBe the first to reply