The data is "protected health information" (PHI), so the app + cloud service definitely need to be HIPAA compliant. What all needs to be done to make sure the system I build passes the grade, and how would I get the system officially certified? What about FDA approval (if the PHI includes medication info)?
I've seen a few helpful sources of info like [1, 2], but is there a comprehensive checklist of requirements and best practices that I haven't come across? Given what's at stake and the repercussions, I don't want to leave any stone unturned!
[1] https://aws.amazon.com/quickstart/architecture/compliance-hipaa/
[2] https://www.peerbits.com/blog/hipaa-compliance-mobile-app-development.html