Blog

Introducing the Developers Guide to HIPAA Compliance

by Morgan Brown June 2, 2014

With the news today of Apple’s HealthKit and the Health app, we’re fairly certain that interest in mobile health (mHealth) applications is only going to rise. But building a healthcare-based application has particular challenges that other consumer applications don’t face—mainly the regulation and compliance with HIPAA, the Health Insurance Portability and Accessibility Act. The HIPAA Security Rule lays out the requirements for the privacy of user data, called protected health information (PHI)...

Read More

5 Pitfalls Mobile App Developers Face When it Comes to HIPAA Compliance

by Morgan Brown May 27, 2014

The Health Insurance Portability and Accountability Act was signed into law by Bill Clinton on August 21st, 1996. To put this in its technological context, HIPAA predates the first iPhone by 10 years, the first iPad by nearly 14 years, and came into effect just 1 year after commercial ISPs started providing broader access to the consumer Internet. At this point in time, anything close to mobile apps was still beyond the imaginations of even the most outlandish sci fi writers.

Read More

Eight Things We Are Looking for From Apple’s Healthbook and iOS 8

by Morgan Brown May 19, 2014

With the rise of popular wearables like the Nike Fuel band and Jawbone Up, and health-based applications for smartphones, personal health is shaping up to be the next major area of innovation for consumer device makers—smartphone manufacturers included. So it’s no surprise that both Samsung and Apple are planning—or reportedly planning—forays into health with its upcoming devices. Samsung is a mere week away from a major health-based press event, and there’s plenty of speculation around Apple’s...

Read More

What Developers Need to Know about HIPAA Compliance in Wearable Tech

by Morgan Brown May 14, 2014

With dozens of products already on the market and more on the way, it’s clear that wearable tech is only going to grow in popularity with consumers. From Fitbit to Jawbone Up, Nike Fuel Band and more, these devices are tracking more consumer health data than ever. While popular wearables are tracking steps and calories today, it’s likely that they will track things like hydration, heart rate and more in the next few months—especially if rumors about Apple’s Healthbook are true.

Read More

Meet us at HxRefactored

by Morgan Brown May 8, 2014

TrueVault will be at HxRefactored in Brooklyn, New York on May 14-15. Our CEO Jason will be speaking on Wednesday in the HIPAA and Data Security for developers track. His talk, “Decoding HIPAA for Developers” is focused on helping application developers and hardware engineers understand the ins-and-outs of HIPAA compliance for mobile apps, wearable technology and more. If you’re building a new mobile or web app, or software for new wearable devices you’ll want to put this session on your...

Read More

Need a Hand with TrueVault? AirPair Can Help!

by Morgan Brown March 1, 2014

TrueVault is excited to participate in AirPair's premium support program, which allows our customers to work with trusted TrueVault experts on complex API integrations and similar engagements. Airpair gives developers instant access to the world's best software engineering experts via online screensharing and video chat. There are lots of places that let non-engineers hire engineers one-off for low quality projects like oDesk, but Airpair is one of the few and the best that let developers...

Read More

Here's How to Keep Your Mobile Data Secure

by Morgan Brown January 15, 2014

More than 4.4 million phones were stolen or lost in 2013, according to Consumer Reports. With 70.4% of missing phones the result of theft, there is a lot of personal data floating around in the wrong hands. So how can you keep your phone data safe? Follow these nine tips to keep your personal data safe and secure, even if your phone is stolen. Keeping Mobile Data Safe Set a lock screen password.

Read More

What is the penalty for a HIPAA violation?

by Morgan Brown January 9, 2014

HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time. Fines will increase with the number of patients and the amount of neglect. Starting with a breach where you didn’t know and, by exercising reasonable diligence, would...

Read More

HIPAA Compliant File Storage for Healthcare

by Jason Wang January 8, 2014

TrueVault can offer you HIPAA compliant storage for any file format. This is not just a file backup or cloud storage solution. Our BLOB Store was designed from the ground up to integrate with mobile applications, web apps, and wearable devices. File uploads, downloads, updates, and deletes are all accessible via a REST(ful) API. When TrueVault launched in September of 2013 we released HIPAA compliant storage for JSON Documents. In December 2013 we launched our BLOB Store.

Read More

Who Certifies HIPAA Compliance?

by Jason Wang January 4, 2014

The short answer is no one. Unlike PCI, there is no one that can “certify” that an organization is HIPAA compliant. The Office for Civil Rights (OCR) from the Department of Health and Human Services (HHS) is the federal governing body here. And, HHS does not endorse or recognize the “certifications” made by private organizations. There is an evaluation standard in the Security Rule § 164.308(a)(8), and it requires you to perform a periodic technical and non-technical evaluation to make sure...

Read More

How do I become HIPAA compliant? (a checklist)

by Jason Wang October 30, 2013

A little housekeeping before we answer the question. This article is not a definitive list of what is required for HIPAA compliance; you should assign a Privacy Officer to review each rule in its entirety. This article is intended to point you in the right direction. So you have determined that you are handling protected health information (PHI) and that you need to be HIPAA compliant. What’s next? What steps need to be taken in order to become HIPAA compliant?

Read More

HIPAA Physical Safeguards Explained, Part 2

by Jason Wang October 27, 2013

In a previous blog post titled, HIPAA Physical Safeguards Explained, Part 1, we covered the basics of the HIPAA Physical Safeguards and the first of four standards of the HIPAA Security Rule. In this post, we’ll cover the remaining three standards: Workstation Use, Workstation Security and Device and Media Controls. If you skipped part 1 of the series, you should read that first. Otherwise, Let’s dive right in. The Workstation Use standard states your entity must define what each workstation...

Read More

Do I Need To Be HIPAA Compliant?

by Jason Wang October 13, 2013

If you handle what’s called protected health information (PHI), then this is an important question to be asking because HIPAA violations can result in some serious penalties. What is PHI you ask? Good question. PHIis any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment.

Read More

HIPAA Physical Safeguards Explained, Part 1

by Jason Wang October 10, 2013

Update 10/27/2013: You can read part 2 of this series here Physical Safeguards are a set of rules and guidelines outlined in the HIPAA Security Rule that focus on the physical access to Protected Health Information (PHI). In contrast, Administrative Safeguards focus on policy and procedures, while Technical Safeguards focus on data protection. When we think about PHI, we typically think about the digital form of PHI: database records, PDF patient files, and MRI scan images.

Read More

Latest Posts

What are the penalties associated with GDPR?

How does GDPR define Personal Data?

What is a data subject access request?

Mailing List