Has anyone out there set up a HIPPA compliant FileMaker Pro AWS Server?
Ok, this should be HIPAA Compliant .. Thanks Mike!
I have not. AWS does offer the option. Here is their white paper: https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf
It requires a dedicated server, meaning it is considerably more expensive than the normal slice. To be compliant, Amazon must sign a BAA, which they will do.
Currently, the FileMaker Cloud offering does not offer a HIPAA compliant setup.
When it comes to HIPAA compliance with a 3rd party, you need to have them sign a BAA (Business Associate Agreement), which moves some of the liabilities over to them as they are storing your ePHI information. You see the problem here? If you create a database which they do not control, this will become a legal headache in case of a breach.
Those companies who offer HIPAA compliance or are willing to sign a BAA control both the software and the hardware. If you start digging into the whole HIPAA thing, there are basically three areas: administrative, physical and technical safeguards, all with various sections to understand.
Remember, the government does not certify anything though a lot of companies offer certification, but that is for HIPAA training and awareness.
The HITRUST Alliance offers a third-party assessment that verifies your organization has met all of the industry-defined certification requirements.
I don't know what your needs are, what type of data you store or how it is accessed so I might be way off base here. But one fact is that any breach and loss of ePHI information does come with ginormous penalties.
Thank you both for your replies. Very helpful!