HIPAA Compliance and QuickBase...
Building HIPAA Compliant Applications with QuickBase
What is HIPAA?
HIPAA Compliance Overview
How to Ensure HIPAA compliance when using Quick Base
What is HIPAA?
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding electronic Protected Health Information (ePHI). HIPAA was created primarily to modernize the flow of healthcare information, stipulate how ePHI maintained by healthcare industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.
HIPAA Terminology
Covered Entity - A covered entity is a health care provider, a health plan or a health care clearinghouse who, in its normal activities, creates, maintains or transmits PHI.
Business Associate - A "business associate" is a person or business that provides a service to – or performs a certain function or activity for – a covered entity when that service, function or activity involves the business associate having access to PHI maintained by the covered entity.
The Customer is the Covered Entity and Quick Base is the Business Associate.
HIPAA Compliance Overview
The HIPAA Privacy Rule addresses how PHI can be used and disclosed, while the Security Rule mandates Administrative, Physical, and Technical Safeguards.
HIPAA Security Rule Requirements
Administrative Safeguards
Physical Safeguards
Access Controls
Administrative Safeguards
Access Controls:
Access management - employees only see the "minimum necessary" information to do their job
Authentication of the identity or individual seeking access.
Session controls (inactivity logoff)
Data encryption (in motion and at rest)
Audit controls:
Mechanisms for recording and examining activities pertaining to ePHI within the information systems.
Password Management:
Procedures for creating, changing, and safeguarding passwords
Data Backup Plan:
Establish & implement procedures to create and maintain retrievable exact copies of electronic protected health information
Disaster Recovery Plan:
Establish & implement procedures to restore any loss of data
Emergency Mode Operation Plan:
Business continuity and disaster recovery plans are developed and approved annually
Physical Safeguards
Facility Security Plan:
Implement policies & procedures to safeguard the facility and equipment from unauthorized physical access, tampering, and theft
Data Backup & Storage:
Automatic full backups of customer production data each day
Replicates production data to backup data center every 4 hours
We enable our customers to build HIPAA-compliant applications on our platform. By leveraging this shared responsibility model, together we share the administration responsibilities and set controls where appropriate.
Further Information
This year's audit includes a HIPAA Attestation which validates that Quick Base is a HIPAA-compliant platform on which customers may build HIPAA-compliant apps. This report can be sent to customers under contract or to prospects under NDA.
Click here for our marketing website for Security & Compliance Info
------------------------------
Sean Padian
------------------------------