HIPAA Compliance


Crones
StrataFrame Beginner (47 reputation)
Group: Forum Members
Posts: 35, Visits: 345
I am looking into working with a client who wishes to create an application that would be used in a dental office. This application would of course contain patient and dental information. So what I am trying to find out are the software requirements needed to make sure my app would be HIPAA compliant. Since StrataFrame is designed by those who make medical software, I figured this would be a great place to ask.



Would just utilizing the encryption methods within StrataFrame and encrypting the data in the backend be sufficient?

When an authorized end-user uses the app, would I need to have my own security system for logins in place? Or can the end-user utilize their Windows login name to ease the pain of maintaining users and roles separately within the application?



Thanks for any help on this.

-Matt
Trent Taylor
StrataFrame Developer (14K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
Wow, Greg. Great response. To recap, yes, the RBS is all HIPAA compliant as well as CCHIT compliant. When it comes to security and encryption, only certain things need to be stored in an encrypted or secure format. Obviously security is one of these. But another would be information such as certain medical records (i.e. the patient has some type of disease or is taking certain medications). These types of things need to be stored in a manner that makes it difficult for someone to go into the database and just read this information. But that doesn't necessarily mean that it must be encrypted. In some examples, we will take collections and serialize them into a VarBinary field which is not readable in any way if someone were to hack into the database, yet it is not technically encrypted. Make sense? You want your application to be secure as well as fast. So if you over-encrypt... slowness will occur. So think out of the box and be sure not to go too crazy with trying to encrypt too many fields.
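The reply above contrasts two ways of storing a sensitive collection: serializing it into a VarBinary column, and encrypting it. The following is an added example, not code from this thread or from StrataFrame, written in C# for .NET 8 using only System.Text.Json and System.Security.Cryptography. The Patient record, the two sample rows, the key and the row id used as associated data are all constructed for the example. It stores the same records both ways, runs a plain byte scan over each stored value (which is all someone with SELECT rights or a copied backup needs to do), and shows that the AES-GCM version also rejects a blob that has been altered in the table.

```csharp
// Added example (not StrataFrame code). Requires .NET 8 or later for the
// AesGcm(key, tagSizeInBytes) constructor. Everything below is constructed
// for illustration: the Patient type, the sample rows, the row id and the key.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public record Patient(string Name, string Diagnosis, List<string> Medications);

public static class SensitiveColumn
{
    const int NonceSize = 12; // AesGcm.NonceByteSizes.MaxSize
    const int TagSize = 16;   // AesGcm.TagByteSizes.MaxSize

    // Storage option 1 (as in the reply): serialize the collection to bytes
    // and put them in a VarBinary column.
    public static byte[] SerializeOnly(List<Patient> patients) =>
        JsonSerializer.SerializeToUtf8Bytes(patients);

    // What anyone who can read the column (or a copied .mdf/.bak) can do:
    // scan the raw bytes for a plaintext token such as a diagnosis name.
    public static bool ContainsToken(byte[] stored, string token)
    {
        byte[] needle = Encoding.UTF8.GetBytes(token);
        for (int i = 0; i + needle.Length <= stored.Length; i++)
            if (stored.AsSpan(i, needle.Length).SequenceEqual(needle))
                return true;
        return false;
    }

    // Storage option 2: AES-256-GCM over the serialized bytes.
    // Column layout: nonce (12) || tag (16) || ciphertext. GCM requires a fresh
    // random nonce per write; the row id goes in as associated data so a blob
    // copied from one patient's row into another's fails to decrypt.
    public static byte[] Encrypt(byte[] key, byte[] plaintext, byte[] rowId)
    {
        byte[] stored = new byte[NonceSize + TagSize + plaintext.Length];
        Span<byte> nonce = stored.AsSpan(0, NonceSize);
        Span<byte> tag = stored.AsSpan(NonceSize, TagSize);
        Span<byte> ciphertext = stored.AsSpan(NonceSize + TagSize);
        RandomNumberGenerator.Fill(nonce);
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, plaintext, ciphertext, tag, rowId);
        return stored;
    }

    // Throws CryptographicException if nonce, tag, ciphertext or row id was
    // altered, so the application never gets silently corrupted clinical data.
    public static byte[] Decrypt(byte[] key, byte[] stored, byte[] rowId)
    {
        ReadOnlySpan<byte> nonce = stored.AsSpan(0, NonceSize);
        ReadOnlySpan<byte> tag = stored.AsSpan(NonceSize, TagSize);
        ReadOnlySpan<byte> ciphertext = stored.AsSpan(NonceSize + TagSize);
        byte[] plaintext = new byte[ciphertext.Length];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(nonce, ciphertext, tag, plaintext, rowId);
        return plaintext;
    }

    public static void Main()
    {
        // Constructed sample rows; not real patient data.
        var patients = new List<Patient>
        {
            new("Jane Doe", "Type 2 diabetes", new() { "metformin" }),
            new("John Roe", "Hypertension", new() { "lisinopril", "amlodipine" }),
        };
        byte[] rowId = BitConverter.GetBytes(1001);      // e.g. the patient's primary key
        byte[] key = RandomNumberGenerator.GetBytes(32); // in practice from DPAPI/KMS/HSM, never a table

        byte[] serialized = SerializeOnly(patients);
        Console.WriteLine($"serialized blob reveals diagnosis: {ContainsToken(serialized, "Type 2 diabetes")}");

        byte[] encrypted = Encrypt(key, serialized, rowId);
        Console.WriteLine($"encrypted blob reveals diagnosis:  {ContainsToken(encrypted, "Type 2 diabetes")}");

        var roundTrip = JsonSerializer.Deserialize<List<Patient>>(Decrypt(key, encrypted, rowId))!;
        Console.WriteLine($"round trip intact: {roundTrip[0].Diagnosis == "Type 2 diabetes"}");

        // Flip one ciphertext byte in the stored value: GCM detects it.
        encrypted[^1] ^= 0x01;
        try { Decrypt(key, encrypted, rowId); Console.WriteLine("tamper undetected"); }
        catch (CryptographicException) { Console.WriteLine("tampered blob rejected"); }
    }
}
```

The cost point from the reply still holds with this layout: columns the application searches or indexes on (patient number, appointment date) stay as ordinary typed columns, and only the clinical payload goes through Encrypt, so one AES-GCM call per row read or written is the whole overhead. The key is the part that must not live next to the data; if it is stored in the same database, a SELECT is again enough to read the column.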