Forum Discussion

SeanPadian
Quickbase Staff
4 years ago

HIPAA Compliance and QuickBase...

Building HIPAA Compliant Applications with QuickBase

What is HIPAA?

HIPAA Compliance Overview

How to Ensure HIPAA compliance when using Quick Base


What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding electronic Protected Health Information (ePHI). HIPAA was created primarily to modernize the flow of healthcare information, stipulate how ePHI maintained by the healthcare industry should be protected from fraud and theft, and address limitations on healthcare insurance coverage.

HIPAA Terminology

Covered Entity - A covered entity is a health care provider, a health plan, or a health care clearinghouse that, in its normal activities, creates, maintains, or transmits PHI.

Business Associate - A "business associate" is a person or business that provides a service to – or performs a certain function or activity for – a covered entity when that service, function, or activity involves the business associate having access to PHI maintained by the covered entity.

The Customer is the Covered Entity and Quick Base is the Business Associate.

HIPAA Compliance Overview

The HIPAA Privacy Rule addresses how PHI can be used and disclosed, while the Security Rule mandates Administrative, Physical, and Technical Safeguards.

HIPAA Security Rule Requirements

Administrative Safeguards

Physical Safeguards

Access Controls


Administrative Safeguards

Access Controls:

Access management - employees only see the "minimum necessary" information to do their job

Authentication of the identity of the individual seeking access

Session controls (inactivity logoff)

Data encryption (in motion and at rest)

Audit controls:

Mechanisms for recording and examining activities pertaining to ePHI within the information systems.

Password Management:

Procedures for creating, changing, and safeguarding passwords

Data Backup Plan:

Establish & implement procedures to create and maintain retrievable exact copies of electronic protected health information

Disaster Recovery Plan:

Establish & implement procedures to restore any loss of data

Emergency Mode Operation Plan:

Business continuity and disaster recovery plans are developed and approved annually

Physical Safeguards

Facility Security Plan:

Implement policies & procedures to safeguard the facility and equipment from unauthorized physical access, tampering, and theft

Data Backup & Storage:

Automatic full backups of customer production data each day

Replicates production data to a backup data center every 4 hours

We enable our customers to build HIPAA compliant applications on our platform. Under this shared responsibility model, we and our customers share the administrative responsibilities and set controls where appropriate.

Further Information

This year's audit includes a HIPAA Attestation, which validates that Quick Base is a HIPAA compliant platform on which customers may build HIPAA-compliant apps. This report can be sent to customers under contract or to prospects under NDA.

Security & Compliance information is available on our marketing website.

------------------------------
Sean Padian
------------------------------