Anas TINA
How do I approach patients' records security inside medical application
I need the best practices on securing patient records inside the electronic medical record app I am developing, from the database tier up to the presentation tier.
ASKER CERTIFIED SOLUTION
Look at the standards for storage, handling, and transmission of PHI in your country. But also take best practices from a programming standpoint into the development of your application. There are a number of developers who like to skip over things like data checking to prevent buffer overflows and other long-standing vectors of weakness because of the extra effort. And yes, it is more work up front, but some extra effort at the start leads to not having to put in an even greater effort to patch those holes down the road.
https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/protocol/index.html
It WILL take a long time to implement everything. But what you definitely do NOT want to do is skip over anything. Medical records are some of the most sensitive pieces of data ever, and if you're caught intentionally skipping over HIPAA compliance practices, you're looking at up to 5 years in prison and a pretty hefty fine. So if you're going to do this, make sure you do it right.