Alpha Software Blog

Building a HIPAA Compliant Health Care App with Alpha Five Version 11

One of the trends we have noticed over the last  few years is the increasing use of Alpha Anywhere by developers for building robust health care applications rapidly.

When building applications it is essential to make sure that the applications are HIPAA compliant. In the USA,  HIPAA compliance is the protocol designed to protect the privacy of  an individual's health records . Similar rules exist in other countries as well.

While some of the HIPAA regulations are fairly straightforward, a number of them are open to interpretation, making development of a HIPAA compliant application a tricky task.

Fortunately, Alpha Five v11 has been designed with the tools needed to meet the demands of key HIPAA requirements.

Below, Alpha Five Version 11 developer Jerry Brightbill, who has had extensive experience building HIPAA compliant healthcare applications - including a large system currently in use by over 20 hospitals, explains some of the most important requirements to think about when developing a HIPAA compliant application:

Some videos from the system that Jerry has built are shown here:

(Note: this is not real patient data in the screen shots and video)

Part 1Part 2Part 3Part 4Part 5Part 6

Building HIPAA Compliant Web Apps

by Jerry Brightbill, Alpha Software.

Building a HIPAA compliant application is somewhat challenging as the requirements cover many aspects of the design and implementation. You will find with some research that no one will certify any app as HIPAA compliant as much of the regulation is open to interpretation. Every security consultant will evaluate the requirements slightly differently and give slightly different recommendations.

However, there are some generally accepted requirements for handling PHI (Patient Health Information). The options available in Alpha Five vary somewhat depending if you are using a desktop type application or a browser based application.

Data encryption

If you are using the standard dbf file format in Alpha Five, we do have options to encrypt data tables. The use of encrypted dbf tables would be common if using a desktop application. However, most developers of browser based applications are moving toward SQL based databases such as MS SQL Server. Those systems offer a number of encryption options. One we are familiar with is MS SQL Server TDE, which is very good and has been evaluated and accepted by government agencies.

Tracking edits, and viewing of data

Alpha Five web components offer options to record data every time a user requests a view or makes an edit. We do this with "events" where some programming code can be added to save data into some log table. If you are working on the desktop, desktop forms also have similar events.

If you are using a SQL based data system, most SQL databases provide programming options such as triggers where the back end database can manage adding data to the view and edit logs. This is often selected as more secure as it is independent of the user interface.

Access security

We have built in login security for desktop applications, as well as a fully featured web security system to prevent unauthorized access to any data. The desktop system offers limited login tracking capability, but the web based security system has features to track all login and logout activity. In both system, access to specific forms and data can be regulated with the built in security.

In addition, our web server system supports SSL encryption and offers protection against common security threats such as SQL injection.

HIPAA regulations also require segregating data to limit access to only users who have authority to see that data.  In simple systems, this is often not a concern as anyone who has access to the system can see any data in the system.  In more complex system, users may be limited to accesses only limited data.  We offer a number of filtering options to limit user access.

Industry evaluations of the issues surrounding HIPAA compliance

Below are links to a few documents that are very useful for navigating HIPAA requirements. Put together by the American Medical Association, the Department of Health and Human Services, and Information Week, these documents answer many of the questions that may arise when developing for HIPAA compliance.

Example of a HIPAA compliant app built with Alpha Five Version 11

Developed with Alpha Five by Jerry Brightbill, this healthcare Referral and Account Management System (RAMS) is currently in use by over 20 hospitals accross the Southwestern US. Watch the videos below to see a demonstration from Jerry:

(Note: this is not real patient data in the screen shots and video)

If you would like to speak to Alpha about building HIPAA compliant applications in Alpha Five, please email


Prev Post Image
Forrester:The Expanding Role Of Mobility In Workplace- Alpha Anywhere
Next Post Image
A True Story-Who Said That Listening to customers is old fashioned?

About Author

Default Author Image
Chris Conroy

Chris Conroy runs digital programs for Alpha Software.

Related Posts
Top Security Concerns for Low-code and No-code Development
Top Security Concerns for Low-code and No-code Development
How No-Code/Low-Code Can Solve Info Management Woes
How No-Code/Low-Code Can Solve Info Management Woes
Building Mission Critical Applications with Low-Code/No-Code
Building Mission Critical Applications with Low-Code/No-Code

The Alpha platform is the only unified mobile and web app development and deployment environment with distinct “no-code” and “low-code” components. Using the Alpha TransForm no-code product, business users and developers can take full advantage of all the capabilities of the smartphone to turn any form into a mobile app in minutes, and power users can add advanced app functionality with Alpha TransForm's built-in programming language. IT developers can use the Alpha Anywhere low-code environment to develop complex web or mobile business apps from scratch, integrate data with existing systems of record and workflows (including data collected via Alpha TransForm), and add additional security or authentication requirements to protect corporate data.