Our HIPAA journey on healthcare applications

Fabricio Pautasso
Dec 31, 2019 · 3 min read

When we started working with healthcare companies, one thing we needed to start looking at was the HIPAA regulation. In this series, we will talk about it and also show a couple of infrastructure implementation examples for being compliant.

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. It is a federal law enacted in the United States in 1996 as an attempt at incremental health care reform.

HIPAA’s intent is to reform the healthcare industry by reducing costs, simplifying administrative processes and burdens, and improving the privacy and security of individuals’ health information.

Protected Health Information (PHI)

PHI is any individually identifiable health information relating to the past, present or future health condition of the individual, regardless of the form in which it is maintained (electronic, paper, etc.).

When PHI is in electronic form, it is referred to as Electronic Protected Health Information (ePHI).

There are two types of organizations regulated under HIPAA: Covered Entities and Business Associates.

Covered entities are the source of PHI; they are the ones with a direct relationship with the individuals whose PHI is being kept, for example doctors, nurses, clinical laboratories, etc.

Business Associates are the third-party companies with whom covered entities share PHI, such as software companies, insurance brokers, etc.

Chain of trust

Covered entities cannot share PHI with business associates unless they ensure that the BA is also HIPAA compliant. Under HIPAA, that assurance is handled by requiring the covered entity to have a signed business associate contract in place with the business associate.

This creates a chain of trust that starts with the covered entity and continues through multiple levels of business associates.

While HIPAA has several parts, in this series we will focus on the technical infrastructure setup required to be HIPAA compliant. In some cases we will provide how-to tutorials to increase security on your AWS infrastructure, and in others just some recommendations to consider while you are creating your HIPAA environment.

To continue reading about HIPAA and the AWS infrastructure implementations needed to be compliant, find below our current list of articles on these topics:

Nexton

Nexton empowers companies to engage with the best remote engineers and deliver the best products.
