Digital storage of electronic protected health information (ePHI) is a treacherous path for a small company to walk. The Health Insurance Portability and Accountability Act (HIPAA), through its Security Rule, imposes a number of requirements on the security controls that must be in place when such sensitive data is stored. Unfortunately, the language used is not crystal clear, and I have been able to find no description of actual technical systems used to comply with these controls.
These controls are required in order to "ensure the confidentiality, integrity, and availability of all electronic protected health information [that a] covered entity creates, receives, maintains, or transmits" (45 CFR § 164.306(a)(1)).
I will outline these requirements here. In a future post I will explain the technical systems I propose implementing in order to comply with them at low cost.