Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Developers Guide to HIPAA Compliance


Version 1.0


This guide is designed to provide developers with a solid understanding of HIPAA guidelines and their implications for application development.

HIPAA was originally written in 1996, well in advance of the consumer Internet and a decade ahead of the first iPhone. Therefore, many of the rules and provisions deal with security and privacy issues from a world that didn't have a notion of apps, smartphones, and wearables. And while it's been amended to address privacy and security for the web, the complexity and wide-sweeping nature of the law makes teasing out the exact details to ensure compliance a bit cumbersome.

Further, unlike PCI, there is no certification entity that can provide developers a rubber stamp of compliance approval. It's up to developers and companies alike to ensure compliance requirements are implemented properly.

This guide will give you enough information to give you a strong understanding of HIPAA without getting bogged down in the legalese. We've tried to keep it straight forward, written in plain language.

Read the Introduction

Table of Contents

01 — Introduction

02 — What is HIPAA?

03 — Do I Need to Be HIPAA Compliant?

04 — HIPAA Security Rule

05 — Becoming HIPAA Compliant

06 — Who Certifies HIPAA Compliance

07 — HIPAA Fines

08 — Developer Considerations

09 — Mobile Applications

10 — Wearable Applications

11 — Apple HealthKit and iOS 8

12 — About TrueVault

About TrueVault

TrueVault is a HIPAA compliant API and secure data store that makes meeting the technical safeguard requirements of HIPAA easy for developers. Think of us like Stripe, but instead of payments, we make sure your app is checking all the boxes for HIPAA security and privacy. Learn more


We're not lawyers. Nothing in this guide constitutes legal advice. Talk to one if you have specific questions regarding your application and HIPAA compliance.


A developers guide to HIPAA compliance and application development.






No releases published


No packages published