How do I approach patient record security inside a medical application

I need the best practices on securing patient records inside the electronic medical record app I am developing, from the database tier up to the presentation tier.

Anas TINA asked:
gr8gonzo (Consultant) commented:
First thing to do is learn HIPAA and know it like the back of your hand. HIPAA compliance covers this exact need, so once you know the requirements behind it, you'll know what you need to do. It's not just a "best practices" thing - it's a list of "here's exactly what you need to do."

gr8gonzo (Consultant) commented:
By the way, this is not an easy thing to do. It is not simply a programming practice - being HIPAA compliant also comes with various practices that you need to enforce. And the list is not a short one. I'd suggest looking at the HIPAA audit protocol defined by HHS:

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/protocol/index.html
It WILL take a long time to implement everything. But what you definitely do NOT want to do is skip over anything. Medical records are some of the most sensitive pieces of data ever, and if you're caught intentionally skipping over HIPAA compliance practices, you're looking at up to 5 years in prison and a pretty hefty fine. So if you're going to do this, make sure you do it right.

masnrock commented:
Look at the standards for storage, handling, and transmission of PHI in your country. But also take best practices from a programming standpoint into the development of your application. There are a number of developers who like to skip over things like data checking to prevent buffer overflows and other long-standing vectors of weakness because of the extra effort. And yes, it is more work up front, but some extra effort at the start leads to not having to put in an even greater effort to patch those holes down the road.
.NET Programming