
If one is hosting a healthcare application (for me it's ASP.NET MVC, and I'm going to host it in an Azure cloud service) which needs to be HIPAA compliant, then encryption is required in 2 aspects: data in motion and data at rest. Upon searching various locations, one comes to the conclusion that data at rest is taken care of by using TDE (transparent data encryption), and data in motion is taken care of by SSL. So is there no need to use any encryption/decryption logic from my end?

  • I'm voting to close this question as off-topic because this is a compliance question, not a programming question. Probably best to consult with someone who works with compliance issues. – David Makogon May 18 '16 at 11:24
  • @DavidMakogon while that is true, I am sure the programmers here are also seeking some guidance related to the same query. This is the reason I posted my first question here or any other forum. You may close the question if still an issue. – CodeGifts4All May 19 '16 at 12:18

1 Answer


That's a tough question to be honest, and I'm afraid the answer is a little open-ended. The certifications that Microsoft have for the Azure platform certify the fabric and the platform services in your instance as HIPAA compliant.

Any service you build on the Azure platform also needs to meet that compliance, so it is your responsibility to ensure that compliance is met. While I can provide you that level of detail, you would need to verify your solution with someone who is an expert in HIPAA compliance.

Martyn C
  • Ah... The issue is if I had someone of this caliber then I won't have to ask this question. Any details, if you can provide, is welcome. Thanks. – CodeGifts4All May 19 '16 at 12:16
  • Well, we don't have HIPAA in the UK so I don't know of anyone who can provide this level of knowledge. – Martyn C May 19 '16 at 12:19