HIPAA Compliance and QuickBase...
Building HIPAA Compliant Applications with QuickBase

What is HIPAA?
HIPAA Compliance Overview
How to Ensure HIPAA compliance when using Quick Base

What is HIPAA?
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding electronic Protected Health Information (ePHI). HIPAA was created primarily to modernize the flow of healthcare information, stipulate how ePHI maintained by healthcare industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.

HIPAA Terminology
Covered Entity - A covered entity is a health care provider, a health plan or a health care clearing house who, in its normal activities, creates, maintains or transmits PHI.
Business Associate - A "business associate" is a person or business that provides a service to – or performs a certain function or activity for – a covered entity when that service, function or activity involves the business associate having access to PHI maintained by the covered entity.
The Customer is the Covered Entity and Quick Base is the Business Associate.

HIPAA Compliance Overview
The HIPAA Privacy Rule addresses how PHI can be used and disclosed, while the Security Rule mandates Administrative, Physical, and Technical Safeguards.

HIPAA Security Rule Requirements
Administrative Safeguards
Physical Safeguards
Access Controls

Administrative Safeguards
Access Controls:
Access management - employees only see the "minimum necessary" information to do their job
Authentication of the identity or individual seeking access.
Session controls (inactivity logoff)
Data encryption (in motion and at rest)
Audit controls: Mechanisms for recording and examining activities pertaining to ePHI within the information systems.
Password Management: Procedures for creating, changing, and safeguarding passwords
Data Backup Plan: Establish & implement procedures to create and maintain retrievable exact copies of electronic protected health information
Disaster Recovery Plan: Establish & implement procedures to restore any loss of data
Emergency Mode Operation Plan: Business continuity and disaster recovery plans are developed and approved annually

Physical Safeguards
Facility Security Plan: Implement policies & procedures to safeguard the facility and equipment from unauthorized physical access, tampering, and theft
Data Backup & Storage:
Automatic full backups of customer production data each day
Replicates production data to backup data center every 4 hours

We enable our customers to build HIPAA compliant applications on our platform. By leveraging this shared responsibility model, together we share the administration responsibilities and setting controls where appropriate.

Further Information
This year's audit includes a HIPAA Attestation which validates Quick Base is a HIPAA compliant platform which customers may build HIPAA-compliant apps on. This report can be sent to customers under contract or prospects under NDA.
Click here for our marketing website for Security & Compliance Info

------------------------------
Sean Padian
------------------------------

Access Record data from an html page via API call
I have had a hard time getting accustomed to working with API calls from outside of Quick Base, since I have limited experience with XML. Finally, after struggling quite a bit, I have come up with a (seemingly) decent method for getting/accessing record data from an API call in an HTML page. I will post the code below and please provide any feedback for this method; I am still early using Quick Base API calls.

This method uses the option to return the record data as a 2-dimensional array that can be accessed with "qdb_data[x]", where the "x" is the index selector. You can easily check the number of returned records by looking at "qdb_data.length".

<head>
<!-- jsa=1 returns the record data as the JavaScript array qdb_data -->
<script lang="javascript" src="yourdomain/db/yourtable?a=API_GenResultsTable&query={'field id'.operator.matchvalue}&jsa=1&apptoken=[yourtoken]">
</script>
<script>
function displayData(){
  alert(qdb_data);
}
</script>
</head>

Curious about the security of having the API info and app token within the client-side code. Obviously a QB code page is fairly secure compared to a remote code page but still curious about it. Thanks everyone.

Is there available a general security "White Paper" that is a document that describes the site and record security provided by Quickbase?
Is there available a general security "White Paper" that is a document that describes the site and record security provided by Quickbase? Looking for something that gives a general overview of these features.

Does QuickBase currently support publicly available two-factor authentication?
Hi, Does QuickBase currently support Google Authenticator or similar publicly available two-factor authentication? If so, how do I turn that on? If not, why not and when will this critical security functionality be available?

Security Concern. Help.
So I recently got an email from Ed Jennings, the CEO, alerting me about an incident wherein one of the employee emails was used for a phishing scam. They went into detail about what they did to stop it and what I should do and so on. However... The email they provided to ask further security-related questions, security-awareness@quickbase.com, was deemed no longer valid by my Outlook client. Now I'm worried if this email alert itself is fraudulent. And the fact that I do not see any alerts in my admin console for my realm makes me more suspicious.

------------------------------
James Dalton
------------------------------

Why "Password Reset Error"?
I have a user who has forgotten her email. She goes through the "forgot password" procedures, the system sends her an email, and when she clicks on the email, it takes her to a "Password Reset Error" page, with the message "The email link you clicked on to reset your password was expired. For reasons of security, this link expires 90 minutes after QuickBase sends them. You may try to reset your password by pressing the button below." She's tried clicking that button, and it sends a new email, and when she clicks that link, it takes her to the same "Password Reset Error" page. She's on Chrome. I've tried having her clear cookies and cache, but so far, no luck. Any ideas?

Monthly Subscription with a Report Link
Hello All, Is there a way to send a Monthly Subscription with a link to a report rather than including the report data in the body of the email or as a PDF or CSV attachment? Much of our report data includes personal information that we want to be sent via secure email. Providing a link would at least require a person potentially intercepting an email to be set up as a user or enter an accurate password to access the information. I realize a Notification could be set up; however, we wouldn't want an email every time a change occurs - only weekly or monthly, and it would be helpful to give easy access to the report [via link] to view all associated records. Thanks in advance for your time and assistance!