I am working on a medical-related web solution where the application keeps patients' data (name, diagnoses, etc.), and we are using Firebase's Realtime Database for this. We have tried to formulate some solutions to comply with HIPAA standards.

- Put the name data to a different HIPAA compliant database provider like Google Cloud, then the rest of the data to firebase.
- Encrypt the name data in firebase, where the data are being encrypted and decrypted on a nodejs server. Encrypt the keys and/or uid's related to the patient's records. The data are being encrypted and decrypted on a nodejs server.

```
names: {
  encrypted_uid: {
    firstName: 'Sheldon',
    middleName: 'Lee',
    lastName: 'Cooper'
  }
}
```

Though these solutions seem to work, I am still skeptical of the setup. Is there a known and actual HIPAA compliant solution for this?
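
A sketch of the encryption option described in the question (encrypted name data under an encrypted uid key), added here as an example and not the poster's code. It assumes AES-256-GCM for the name fields and swaps "encrypting" the uid for a keyed HMAC-SHA-256 pseudonym so the record key stays deterministic for lookups; the function names and the in-process demo keys are hypothetical.

```javascript
const crypto = require('crypto');

// Assumption: in production both keys come from a KMS/secret manager, never from source.
// Constructed demo keys, generated fresh on every run.
const ENC_KEY = crypto.randomBytes(32);   // AES-256-GCM key for field values
const INDEX_KEY = crypto.randomBytes(32); // separate HMAC key for record keys

// Deterministic pseudonym for the uid so the server can still look the record up.
// Hex output avoids characters Firebase forbids in keys (. $ # [ ] /).
function pseudonymizeUid(uid) {
  return crypto.createHmac('sha256', INDEX_KEY).update(uid, 'utf8').digest('hex');
}

// Encrypt one field. The record key and field name are bound as AAD so a
// ciphertext copied to another record or field fails authentication.
function encryptField(recordKey, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  cipher.setAAD(Buffer.from(`${recordKey}/${field}`, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

function decryptField(recordKey, field, stored) {
  const [iv, tag, ct] = stored.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, iv);
  decipher.setAAD(Buffer.from(`${recordKey}/${field}`, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Build the object that would be written under names/ in the database.
function buildNamesNode(uid, name) {
  const recordKey = pseudonymizeUid(uid);
  const record = {};
  for (const [field, value] of Object.entries(name)) {
    record[field] = encryptField(recordKey, field, value);
  }
  return { [recordKey]: record };
}

function readName(uid, namesNode) {
  const recordKey = pseudonymizeUid(uid);
  const out = {};
  for (const [field, stored] of Object.entries(namesNode[recordKey])) {
    out[field] = decryptField(recordKey, field, stored);
  }
  return out;
}
```

With this layout the database only ever holds the HMAC pseudonym and ciphertext; the plaintext uid, the names and both keys stay on the Node.js server.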