One of the trends we have noticed over the last few years is the increasing use of Alpha Five by developers for building robust health care applications rapidly.
When building applications it is essential to make sure that the applications are HIPAA compliant. In the USA, HIPAA compliance is the protocol designed to protect the privacy of an individual's health records. Similar rules exist in other countries as well.
While some of the HIPAA regulations are fairly straightforward, a number of them are open to interpretation, making development of a HIPAA compliant application a tricky task.
Fortunately, Alpha Five v11 has been designed with the tools needed to meet the demands of key HIPAA requirements. Below, Alpha Five Version 11 developer Jerry Brightbill, who has extensive experience building HIPAA compliant healthcare applications, including a large system currently in use by over 20 hospitals, explains some of the most important requirements to think about when developing a HIPAA compliant application:
Some videos from the system that Jerry has built are shown here:
(Note: this is not real patient data in the screen shots and video)
Part 1, Part 2, Part 3, Part 4, Part 5, Part 6
Building HIPAA Compliant Web Apps
by Jerry Brightbill, Alpha Software.
Building a HIPAA compliant application is somewhat challenging as the requirements cover many aspects of the design and implementation. You will find with some research that no one will certify any app as HIPAA compliant as much of the regulation is open to interpretation. Every security consultant will evaluate the requirements slightly differently and give slightly different recommendations.
However, there are some generally accepted requirements for handling PHI (Patient Health Information). The options available in Alpha Five vary somewhat depending on whether you are using a desktop type application or a browser based application.
Data encryption
If you are using the standard dbf file format in Alpha Five, we do have options to encrypt data tables. The use of encrypted dbf tables would be common if using a desktop application. However, most developers of browser based applications are moving toward SQL based databases such as MS SQL Server. Those systems offer a number of encryption options. One we are familiar with is MS SQL Server TDE, which is very good and has been evaluated and accepted by government agencies.
Tracking edits, and viewing of data
Alpha Five web components offer options to record data every time a user requests a view or makes an edit. We do this with "events" where some programming code can be added to save data into some log table. If you are working on the desktop, desktop forms also have similar events.
If you are using a SQL based data system, most SQL databases provide programming options such as triggers where the back end database can manage adding data to the view and edit logs. This is often selected as more secure as it is independent of the user interface.
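A sketch of the trigger approach described above, added here as an example and not taken from Alpha Five or the RAMS system. It uses SQLite through Python as a stand-in for the SQL back end; the `patient` and `edit_log` tables, their columns and the `modified_by` convention are hypothetical, and the rows are constructed sample data.

```python
import sqlite3

# Hypothetical schema: every write to `patient` is copied into `edit_log`
# by the database itself, so no client code can skip the logging step.
SCHEMA = """
CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT, diagnosis TEXT,
                      modified_by TEXT NOT NULL);  -- acting user, set by the writer
CREATE TABLE edit_log (
    log_id INTEGER PRIMARY KEY AUTOINCREMENT,
    logged_at TEXT NOT NULL DEFAULT (datetime('now')),
    action TEXT NOT NULL, patient_id INTEGER NOT NULL, changed_by TEXT NOT NULL,
    old_diagnosis TEXT, new_diagnosis TEXT);
CREATE TRIGGER patient_ins AFTER INSERT ON patient BEGIN
    INSERT INTO edit_log (action, patient_id, changed_by, new_diagnosis)
    VALUES ('INSERT', NEW.id, NEW.modified_by, NEW.diagnosis);
END;
CREATE TRIGGER patient_upd AFTER UPDATE ON patient BEGIN
    INSERT INTO edit_log (action, patient_id, changed_by, old_diagnosis, new_diagnosis)
    VALUES ('UPDATE', NEW.id, NEW.modified_by, OLD.diagnosis, NEW.diagnosis);
END;
CREATE TRIGGER patient_del AFTER DELETE ON patient BEGIN
    INSERT INTO edit_log (action, patient_id, changed_by, old_diagnosis)
    VALUES ('DELETE', OLD.id, OLD.modified_by, OLD.diagnosis);
END;
-- The log is append-only: rewriting or deleting entries is rejected.
CREATE TRIGGER edit_log_no_update BEFORE UPDATE ON edit_log
BEGIN SELECT RAISE(ABORT, 'edit_log is append-only'); END;
CREATE TRIGGER edit_log_no_delete BEFORE DELETE ON edit_log
BEGIN SELECT RAISE(ABORT, 'edit_log is append-only'); END;
"""

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample row, written the way a web form might write it.
    db.execute("INSERT INTO patient VALUES (1, 'Test Patient', 'A', 'intake_form')")
    # Writes issued as plain SQL, with no user interface involved, are logged too.
    db.execute("UPDATE patient SET diagnosis='B', modified_by='dba_console' WHERE id=1")
    db.execute("DELETE FROM patient WHERE id=1")
    try:
        db.execute("DELETE FROM edit_log")  # attempt to erase the trail
        tamper_blocked = False
    except sqlite3.DatabaseError:
        tamper_blocked = True
    rows = db.execute("SELECT action, changed_by, old_diagnosis, new_diagnosis "
                      "FROM edit_log ORDER BY log_id").fetchall()
    return rows, tamper_blocked
```

SQLite triggers fire only on writes, so this covers the edit log; recording views of data needs a separate mechanism.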
Access security
We have built in login security for desktop applications, as well as a fully featured web security system to prevent unauthorized access to any data. The desktop system offers limited login tracking capability, but the web based security system has features to track all login and logout activity. In both systems, access to specific forms and data can be regulated with the built in security.
In addition, our web server system supports SSL encryption and offers protection against common security threats such as SQL injection.
HIPAA regulations also require segregating data to limit access to only users who have authority to see that data. In simple systems, this is often not a concern as anyone who has access to the system can see any data in the system. In more complex systems, users may be limited to accessing only a subset of the data. We offer a number of filtering options to limit user access.
Industry evaluations of the issues surrounding HIPAA compliance
Below are links to a few documents that are very useful for navigating HIPAA requirements. Put together by the American Medical Association, the Department of Health and Human Services, and Information Week, these documents answer many of the questions that may arise when developing for HIPAA compliance.
Example of a HIPAA compliant app built with Alpha Five Version 11
Developed with Alpha Five by Jerry Brightbill, this healthcare Referral and Account Management System (RAMS) is currently in use by over 20 hospitals across the Southwestern US. Watch the videos below to see a demonstration from Jerry:
If you would like to speak to Alpha about building HIPAA compliant applications in Alpha Five, please email firstname.lastname@example.org