HIPAA Compliance and QuickBase

Building HIPAA Compliant Applications with QuickBase

Contents:
- What is HIPAA?
- HIPAA Compliance Overview
- How to Ensure HIPAA Compliance when using Quick Base

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding electronic Protected Health Information (ePHI). HIPAA was created primarily to modernize the flow of healthcare information, stipulate how ePHI maintained by healthcare industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.

HIPAA Terminology

- Covered Entity: A covered entity is a health care provider, a health plan or a health care clearinghouse who, in its normal activities, creates, maintains or transmits PHI.
- Business Associate: A "business associate" is a person or business that provides a service to, or performs a certain function or activity for, a covered entity when that service, function or activity involves the business associate having access to PHI maintained by the covered entity.

The Customer is the Covered Entity and Quick Base is the Business Associate.

HIPAA Compliance Overview

The HIPAA Privacy Rule addresses how PHI can be used and disclosed, while the Security Rule mandates Administrative, Physical, and Technical Safeguards.

HIPAA Security Rule Requirements:
- Administrative Safeguards
- Physical Safeguards
- Access Controls

Administrative Safeguards

- Access Controls:
  - Access management: employees only see the "minimum necessary" information to do their job
  - Authentication of the identity of the individual seeking access
  - Session controls (inactivity logoff)
  - Data encryption (in motion and at rest)
- Audit controls: Mechanisms for recording and examining activities pertaining to ePHI within the information systems.
- Password Management: Procedures for creating, changing, and safeguarding passwords
- Data Backup Plan: Establish & implement procedures to create and maintain retrievable exact copies of electronic protected health information
- Disaster Recovery Plan: Establish & implement procedures to restore any loss of data
- Emergency Mode Operation Plan: Business continuity and disaster recovery plans are developed and approved annually

Physical Safeguards

- Facility Security Plan: Implement policies & procedures to safeguard the facility and equipment from unauthorized physical access, tampering, and theft
- Data Backup & Storage:
  - Automatic full backups of customer production data each day
  - Replicates production data to backup data center every 4 hours

How to Ensure HIPAA Compliance when using Quick Base

We enable our customers to build HIPAA compliant applications on our platform. By leveraging this shared responsibility model, together we share the administration responsibilities and set controls where appropriate.

Further Information

This year's audit includes a HIPAA Attestation which validates Quick Base is a HIPAA compliant platform on which customers may build HIPAA-compliant apps. This report can be sent to customers under contract or prospects under NDA. Click here for our marketing website for Security & Compliance info.

Sean Padian