Anas TINA

asked on

How do I approach patients' records security inside medical application

I need the best practices on securing patients records inside the electronic medical record app I am developing. Ground from the database tier up to the presentation tier.
ASKER CERTIFIED SOLUTION
gr8gonzo
By the way, this is not an easy thing to do. It is not simply a programming practice - being HIPAA-compliant also comes with various practices that you need to enforce. And the list is not a short one. I'd suggest looking at the HIPAA audit protocol defined by HHS:

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/protocol/index.html


It WILL take a long time to implement everything. But what you definitely do NOT want to do is skip over anything. Medical records are some of the most sensitive pieces of data ever, and if you're caught intentionally skipping over HIPAA compliance practices, you're looking at up to 5 years in prison and a pretty hefty fine. So if you're going to do this, make sure you do it right.
Look at the standards for storage, handling, and transmission of PHI in your country. But also take best practices from a programming standpoint into the development of your application. There are a number of developers who like to skip over things like data checking to prevent buffer overflows and other long-standard vectors of weakness because of the extra effort. And yes, it is more work up front, but some extra effort at the start leads to not having to put in an even greater effort to patch those holes down the road.
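The "data checking" the answer above refers to, as an added example that is not part of the original post or any particular EMR product: a fixed-width patient identifier and a date-of-birth field are only accepted after a bounded length check and a character/format check, so overlong or malformed input is rejected outright instead of being copied with `strcpy` into a fixed buffer. The field names, lengths and the `MRN-` identifier format are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* Hypothetical fixed-width fields of an EMR record (sizes are assumptions). */
#define PATIENT_ID_LEN 16          /* max characters, excluding the NUL */
#define DOB_LEN        10          /* "YYYY-MM-DD" */

typedef struct {
    char patient_id[PATIENT_ID_LEN + 1];
    char dob[DOB_LEN + 1];
} PatientRecord;

/* Bounded length scan: never reads more than limit+1 bytes, so an
 * unterminated or huge input cannot drag the caller past the buffer. */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n <= limit && s[n] != '\0') n++;
    return n;                      /* limit+1 means "too long" */
}

/* Accepts only 1..PATIENT_ID_LEN characters from [A-Za-z0-9-].
 * Returns 1 and copies on success, 0 (record untouched) on any failure. */
int set_patient_id(PatientRecord *rec, const char *input) {
    if (rec == NULL || input == NULL) return 0;
    size_t n = bounded_len(input, PATIENT_ID_LEN);
    if (n == 0 || n > PATIENT_ID_LEN) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)input[i];
        if (!isalnum(c) && c != '-') return 0;
    }
    memcpy(rec->patient_id, input, n);   /* n is proven <= PATIENT_ID_LEN */
    rec->patient_id[n] = '\0';
    return 1;
}

/* Accepts exactly "YYYY-MM-DD" with plausible month/day ranges.
 * (Leap-year rules are deliberately out of scope for this example.) */
int set_dob(PatientRecord *rec, const char *input) {
    if (rec == NULL || input == NULL) return 0;
    if (bounded_len(input, DOB_LEN) != DOB_LEN) return 0;
    for (size_t i = 0; i < DOB_LEN; i++) {
        int want_dash = (i == 4 || i == 7);
        unsigned char c = (unsigned char)input[i];
        if (want_dash ? c != '-' : !isdigit(c)) return 0;
    }
    int month = (input[5] - '0') * 10 + (input[6] - '0');
    int day   = (input[8] - '0') * 10 + (input[9] - '0');
    if (month < 1 || month > 12 || day < 1 || day > 31) return 0;
    memcpy(rec->dob, input, DOB_LEN);
    rec->dob[DOB_LEN] = '\0';
    return 1;
}

int main(void) {
    PatientRecord rec;
    /* Constructed sample inputs, including ones that must be rejected. */
    printf("%d\n", set_patient_id(&rec, "MRN-000123"));        /* 1 */
    printf("%d\n", set_patient_id(&rec, "MRN-0001234567890123")); /* 0: overlong */
    printf("%d\n", set_patient_id(&rec, "MRN 123"));           /* 0: bad char */
    printf("%d\n", set_dob(&rec, "1984-07-21"));               /* 1 */
    printf("%d\n", set_dob(&rec, "1984-13-01"));               /* 0: bad month */
    return 0;
}
```

Rejecting rather than truncating matters for a medical record: a silently shortened identifier could attach data to the wrong patient, which is a worse outcome than an error shown to the user.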