Software Developers Guide to HIPAA Compliance
This guide is designed to provide developers with a solid understanding of HIPAA guidelines and their implications for application development.
HIPAA was originally written in 1996, well in advance of the consumer Internet and a decade ahead of the first iPhone. Therefore, many of the rules and provisions deal with security and privacy issues from a world that didn't have a notion of apps, smartphones, and wearables. And while it's been amended to address privacy and security for the web, the complexity and wide-sweeping nature of the law makes teasing out the exact details to ensure compliance a bit cumbersome.
Further, unlike PCI, there is no certification entity that can provide developers a rubber stamp of compliance approval. It's up to developers and companies alike to ensure compliance requirements are implemented properly.
This guide will give you enough information to give you a strong understanding of HIPAA without getting bogged down in the legalese. We've tried to keep it straight forward, written in plain language.
We're not lawyers. Nothing in this guide constitutes legal advice. Talk to one if you have specific questions regarding your application and HIPAA compliance.
This guide was orginally sourced from TrueVault's HIPAA Compliance Developers Guide. TrueVault's orginal 2014 material was forked to be completely restructured with the latest HHS guidance and more content such as examples, specific HIPAA clauses and references. Additionally, TrueVault sales funnel references were removed.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.