
HIPAA Compliance for Meteor apps. Meta package that includes clinical:hipaa-audit-log and other packages.


clinical-meteor/hipaa

 
 


clinical:hipaa

HIPAA Compliance for Node on FHIR Apps. Meta package containing audit log, user accounts, and SSL security.


Table of Contents

  • Installation
  • Packages
  • HIPAA Compliance Self-Assessment Checklist
  • Hosting Providers Willing to Sign Business Associate Agreements (BAA)
  • HIPAA Compliant Scale Out Using Meteor
  • Policies and Procedures
  • Roles API
  • Crypto API
  • Hipaa API
  • HipaaPolicies API

Installation

meteor add clinical:hipaa


HIPAA Compliance Questionnaire

https://catalyze.io/hipaa-self-assessment-checklist


Packages

This is a meta package written for Blaze, and includes the following sub-packages:

alanning:roles
clinical:hipaa-logger
force-ssl
jparker:crypto-aes


HIPAA Compliance Self-Assessment Checklist

https://catalyze.io/hipaa-self-assessment-checklist


Hosting Providers Willing to Sign Business Associate Agreements (BAA)

Aptible.com
Catalyze.io
Microsoft Azure
Amazon Web Services


HIPAA Compliant Scale Out Using Meteor

Phase 1 - Development (1 server)
meteor

Phase 2 - Platform as a Service (2 to 10 servers)
aptible.com - Node/Meteor App Hosting on AWS
compose.io - Mongo Hosting on AWS

Phase 3 - Infrastructure as a Service (11+ servers)
Amazon Container Services
Azure Container Services

Phase 4 - Federal HIPAA
Amazon Web Services - HIPAA/Federal Tier
Amazon Web Services - HIPAA Whitepaper
Azure HIPAA & HITRUST


Crypto API

There's technically nothing in HIPAA that specifically says that an organization has to encrypt its data at rest, but many people prefer to do so. Among those who do, opinions differ on whether the default encryption that comes with the operating system or database is sufficient. For those who are particularly paranoid and don't trust the operating system or database, the clinical:hipaa package comes with an AES encryption algorithm, so you can do in-app encryption and ensure that your data at rest is secure.

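// Encrypt with a passphrase; CryptoJS generates a random salt and derives the key from it.
var encrypted = CryptoJS.AES.encrypt("Message", "Passphrase");
console.log(encrypted.toString());
// 53616c7465645f5fe5b50dc580ac44b9be85d240abc5ff8b66ca327950f4ade5
// (sample output; it changes on every run because of the random salt)

// Decrypt with the same passphrase and decode the result as UTF-8.
var decrypted = CryptoJS.AES.decrypt(encrypted, "Passphrase");
console.log(decrypted.toString(CryptoJS.enc.Utf8));
// Message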
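
A field-level variant of the in-app encryption described above, added here as an example and not code from clinical:hipaa or jparker:crypto-aes. It uses Node's built-in crypto module with AES-256-GCM instead of CryptoJS, so a tampered or relocated value fails to decrypt; the field list, sample record, passphrase and salt are constructed assumptions.

```javascript
const crypto = require("crypto");

// Hypothetical list of PHI fields to encrypt; adjust to your own schema.
const PHI_FIELDS = ["name", "ssn", "diagnosis"];

// Derive a 256-bit key from a passphrase with scrypt and a stored salt.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt one string as "iv.tag.ciphertext" (base64 parts). The field name is
// bound as associated data, so a value cannot be moved to another field.
function encryptField(key, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(field, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64")).join(".");
}

// Decrypt and verify; throws if the value, key or field name does not match.
function decryptField(key, field, packed) {
  const parts = String(packed).split(".").map((p) => Buffer.from(p, "base64"));
  if (parts.length !== 3 || parts[0].length !== 12 || parts[1].length !== 16) {
    throw new Error("malformed ciphertext for field " + field);
  }
  const [iv, tag, ct] = parts;
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(field, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Apply fn to each PHI string field of a copy of the record.
function mapPhi(record, fn) {
  const out = { ...record };
  for (const f of PHI_FIELDS) {
    if (typeof out[f] === "string") out[f] = fn(f, out[f]);
  }
  return out;
}
const protectRecord = (key, rec) => mapPhi(rec, (f, v) => encryptField(key, f, v));
const revealRecord = (key, rec) => mapPhi(rec, (f, v) => decryptField(key, f, v));

// Constructed sample record (not real patient data).
const sample = { _id: "p-001", name: "Jane Doe", ssn: "000-00-0000", diagnosis: "J45.909" };
const key = deriveKey("constructed passphrase", Buffer.from("constructed-salt"));
const stored = protectRecord(key, sample);
console.log(stored, revealRecord(key, stored));
```

Non-PHI fields such as `_id` stay in the clear so the database can still index and query them; the passphrase and salt belong in deployment secrets, not in the database next to the ciphertext.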


Licensing

All code is MIT. Use as you will. Disrupt the system. It needs all the help it can get.

Policy and Procedures are Creative Commons.
