There's a recent startup out of YC which seems interesting called Truevault.com, which allows you to store JSON documents in their database via an API and is HIPAA compliant.
I am working on a healthcare app, and am wondering which is a better strategy in terms of HIPAA compliance:
1) Heroku + Truevault - easier deployment initially, but Heroku won't sign a Business Associate Agreement, so I'm not sure if this is truly HIPAA compliant even if I don't store PHI on the Heroku server or only temporarily store it there.
2) Run everything on Amazon EC2 - Amazon will sign a BAA so no issue here, but I'd have to do server maintenance myself (I'd rather not).
3) Heroku + Amazon S3 database - run server on Heroku but store everything on S3, Amazon to sign BAA
Does anyone with experience know what would be most compliant yet practical? Thanks in advance.
Aptible are working on a platform to do exactly that, i.e. automating HIPAA compliance where possible, training you on the stuff you need to do yourself, and letting you build systems on standard databases and ecosystems. They're in private beta at the moment.
Disclaimer: I'm not associated with them, but I did meet the founders today and they're an approachable, clever bunch.