How do I approach patients' records security inside medical application

Anas TINA
I need the best practices on securing patients' records inside the electronic medical record app I am developing. Ground from the database tier up to the presentation tier.

Commented:
First thing to do is learn HIPAA and know it like the back of your hand. HIPAA compliance covers this exact need, so once you know the requirements behind it, you'll know what you need to do. It's not just a "best practices" thing - it's a list of "here's exactly what you need to do."

Commented:
By the way, this is not an easy thing to do. It is not simply a programming practice - being HIPAA compliant also comes with various practices that you need to enforce. And the list is not a short one. I'd suggest looking at the HIPAA audit protocol defined by HHS:

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/protocol/index.html


It WILL take a long time to implement everything. But what you definitely do NOT want to do is skip over anything. Medical records are some of the most sensitive pieces of data ever, and if you're caught intentionally skipping over HIPAA compliance practices, you're looking at up to 5 years in prison and a pretty hefty fine. So if you're going to do this, make sure you do it right.

Commented:
Look at the standards for storage, handling, and transmission of PHI in your country. But also take best practices from a programming standpoint into the development of your application. There are a number of developers who like to skip over things like data checking to prevent buffer overflows and other long standard vectors of weakness because of the extra effort. And yes, it is more work up front, but some extra effort at the start leads to not having to put in an even greater effort to patch those holes down the road.
