KevinDelao / Cloud-Backend-Project


Research HIPAA #6

Closed jsunthon closed 5 years ago

jsunthon commented 5 years ago

Look up HIPAA rules online and how they impact the way we develop our backend services. For example, should we only allow users that own the data to view their data? If so, this requires an authentication service. Then we might have a different person work on this authentication service.

jvelasco2319 commented 5 years ago

HIPPA Cloud Computing.docx

jvelasco2319 commented 5 years ago

Luckily there was a section solely based on cloud computing with HIPAA rules.

Main Points (will reiterate on more points during our next meeting)

  1. Need to encrypt all saved data with an encryption key
  2. Need a contractual agreement that we are the CSP's (cloud service provider) under HIPAA agreement
  3. For sure need a way to backup data based on HIPAA

jsunthon commented 5 years ago

1) if we use AWS RDS: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html, encryption is already provided

2) will make issue for contractual agreement

3) AWS DB snapshots already provide backup functionality: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateSnapshot.html