0

I am building an application on Firebase, and some of the data needs to be HIPAA compliant. My initial idea was to connect to AWS DynamoDB (HIPAA compliant) from Firebase Cloud Functions, but then I realized that the data would be passing through the (NOT HIPAA compliant) function.

Is there a way to securely access DynamoDB from a serverless webapp? It doesn't have to be DynamoDB either. I am also open to other services that provide HIPAA compliant database services (preferably through an API would be great!).

Thanks in advance.

TheRyan722
  • 885
  • 11
  • 31
  • The Google Cloud BAA covers Cloud Functions. – jarmod Oct 18 '18 at 18:47
  • @jarmod Even if they are setup through firebase? I know Firebase cloud functions is powered by GCP Functions and that you can see them in GCP, but is it still HIPAA compliant when they are setup/deployed through firebase? – TheRyan722 Oct 18 '18 at 18:49
  • How you deploy code is not relevant, to the best of my knowledge, if that's what you're asking. It's all about the creation, receipt, maintenance, and transmission of PHI. Any component that does one of those things must be HIPAA-eligible (and you have additional requirements on top of that, of course). – jarmod Oct 18 '18 at 18:56
  • Alright, thanks a bunch. I'm aware of the other things regarding HIPAA, I was just concerned about establishing a secure HIPAA compliant method of connecting to the AWS DB (since, as you stated, transmission of PHI has to be compliant as well). If you post it as an answer, I'll accept it. – TheRyan722 Oct 18 '18 at 19:00

1 Answers1

0

The key thing here is that you only process, store, and transmit protected health information (PHI) in HIPAA-eligible services, as defined in the Business Associate Addendum (BAA) from your cloud service provider. How you deploy code is not significant, to the best of my knowledge (as that process would not typically involve PHI).

Of course you need to comply with the Security Rule, the Privacy Rule, and the Breach Notification Rule.

jarmod
  • 46,751
  • 9
  • 81
  • 86