HIPAA Compliance and QuickBase...
Building HIPAA Compliant Applications with QuickBase
What is HIPAA?
HIPAA Compliance Overview
How to Ensure HIPAA compliance when using Quick Base
What is HIPAA?
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding electronic Protected Health Information (ePHI). HIPAA was created primarily to modernize the flow of healthcare information, stipulate how ePHI maintained by healthcare industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.
HIPAA Terminology
Covered Entity - A covered entity is a health care provider, a health plan or a health care clearing house who, in its normal activities, creates, maintains or transmits PHI.
Business Associate - A "business associate" is a person or business that provides a service to – or performs a certain function or activity for – a covered entity when that service, function or activity involves the business associate having access to PHI maintained by the covered entity.
The Customer is the Covered Entity and Quick Base is the Business Associate.
HIPAA Compliance Overview
The HIPAA Privacy Rule addresses how PHI can be used and disclosed, while the Security Rule mandates Administrative, Physical, and Technical Safeguards.
HIPAA Security Rule Requirements
Administrative Safeguards
Physical Safeguards
Access Controls
Administrative Safeguards
Access Controls:
Access management - employees only see the "minimum necessary" information to do their job
Authentication of the identity or individual seeking access.
Session controls (inactivity logoff)
Data encryption (in motion and at rest)
Audit controls:
Mechanisms for recording and examining activities pertaining to ePHI within the information systems.
Password Management:
Procedures for creating, changing, and safeguarding passwords
Data Backup Plan:
Establish & implement procedures to create and maintain retrievable exact copies of electronic protected health information
Disaster Recovery Plan:
Establish & implement procedures to restore and loss of data
Emergency Mode Operation Plan:
Business continuity and disaster recovery plans are developed and approved annually
Physical Safeguards
Facility Security Plan:
Implement policies & procedures to safeguard the facility and equipment from unauthorized physical access, tampering, and theft
Data Backup & Storage:
Automatic full backups of customer production data each day
Replicates production data to backup data center every 4 hours
We enable our customers to build HIPAA compliant applications on our platform. By leveraging this shared responsibility model, together we share the administration responsibilities and setting controls where appropriate.
Further Information
This year's audit includes a HIPAA Attestation which validates Quick Base is a HIPAA compliant platform which customers may build HIPAA-compliant apps on. This report can be sent to customers under contract or prospects under NDA.
Click here for our marketing website for Security & Compliance Info
------------------------------
Sean Padian
------------------------------
