HIPPA Deployment

[hammad93]

Our current app does not contain patient records, only publicly available clinician and researcher data. However, we can deploy a secure app.

This is the primary source from the US Department of Health and Human Services which controls HIPPA

https://www.hhs.gov/hipaa/for-professionals/security/index.html

[hammad93]

https://docs.aws.amazon.com/whitepapers/latest/architecting-hipaa-security-and-compliance-on-aws/architecting-hipaa-security-and-compliance-on-aws.html

[hammad93]

We can complete the workbook here to understand HIPPA compliance,

"The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), developed a downloadable Security Risk Assessment (SRA) Tool to help guide you through the process. The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule. The target audience of this tool is medium and small providers; thus, use of this tool may not be appropriate for larger organizations." (https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool)

https://www.healthit.gov/sites/default/files/page/2023-09/SRA_Tool_Version_3.4_Excel_Workbook.xlsx

https://www.healthit.gov/sites/default/files/page/2023-09/SRA_Tool_User_Guide_Version_3.4.pdf

[hammad93]

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04