Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is Firebase Cloud Messaging HIPAA Compliant?

Tags:

firebase

I want to use Firebase Cloud Messaging in a healthcare application. I want to know is FCM HIPAA Compliant and does it provide BAA?

like image 510
Mahmud Ahmad Avatar asked Jul 01 '16 18:07

Mahmud Ahmad

People also ask

Is Firebase HIPAA compliant?

Other Firebase products are not part of GCP's business associate agreement, are unsuitable for handling protected health information, and are not HIPAA-compliant. Back4App is a reliable Firebase HIPAA alternative and can sign BAAs with customers looking to store PHI data under their dedicated resources plans.

Is cloud firestore HIPAA compliant?

So Cloud Firestore is covered under HIPAA compliance and Firebase Realtime Database is not covered.

Which cloud service is HIPAA compliant?

Sync.com is the best HIPAA-compliant cloud service, offering a triple threat of zero-knowledge encryption, access control and a low price point. Google Drive, OneDrive and Dropbox all technically offer HIPAA compliance, though their history of mishandling user data means you'd be wise to stay away from them.

Is Firebase cloud messaging secure?

Firebase is certified under major privacy and security standards.

1 Answers

We’ve just completed the HIPAA audit with a 3rd party for a Firestore Chat sample app (iOS and Android) that’s using End-to-End Encryption. If you’re implementing a healthcare Chat app, keep reading. Otherwise, this isn’t relevant.

The challenge: if you know how E2EE works, you realize that it alone should protect your patients’ data from Firebase/Firestore: apparently, lawyers don’t agree with that. So we had to implement an artificial data redaction that deletes chat messages from Firestore as soon as the messages are delivered. This enables your app to qualify for HIPAA’s Conduit exception, because it only acts as a message delivery system, it doesn’t store permanent health data. This way, your chat solution is exempt of HIPAA.

We’ve compiled the solution into a How-to blog post: https://VirgilSecurity.com/hipaa-firebase - with pointers to reusable sample apps.

Whitepaper that contains our HIPAA audit & 3rd-party data privacy expert’s notes: https://VirgilSecurity.com/firebase-whitepaper

like image 50
David Szabo Avatar answered Sep 24 '22 01:09

David Szabo
Sign in to Comment

Related questions

Why Firebase issues SSL using different domain other than custom domain?
How to use TS Path Mapping with Firebase Cloud Functions
No custom sound with Android Firebase Notification
Receive push notifications on one android app from two Firebase projects
Firebase, Flutter Web App Works locally, but when deployed images are not shown
Creating temporary anonymous users in Firebase
Firebase Firestore comment tree architecture
Firestore - Merging two queries locally
How to fetch records by comparing with date in flutter cloud firestore plugin?
Can Cloud Firestore onSnapshot() only trigger on changes, and not get the initial state?
/angularfire2/index has no exported member 'AngularFire'
Not getting Firebase Dynamic Link of users that download app from Playstore
How do I access my Firebase Database via HTTP REST API?
Checking Firebase current signed-in user via Listener in iOS
Firebase vs MySQL database (hierarchical/relational)
How to View Firebase Notification Delivery Reports?
Firestore order by two fields
What's the difference between Firebase JavaScript SDK and react-native-firebase
Cloud Functions deployment fails: "Function failed on loading user code. Error message: Code in file lib/index.js can't be loaded."
TypeError: Firebase is not a function

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!