The data is not completely secure. Amazon, too, says "to ensure data security ... files containing PHI should be encrypted using technologies such as 256 bit AES algorithms".

Creating HIPAA-compliant Medical Data Applications with AWS: http://awsmedia.s3.amazonaws.com/AWS_HIPAA_Whitepaper_Final.pdf

Btw, Google Health may share information with third parties without user authorization: http://www.google.com/intl/en_us/health/hipaa.html

So you do need to build some infrastructure to supplement AppEngine for compliance purposes.

On Jan 22, 11:25 am, RalphWSiegler <[email protected]> wrote:
> Hi Wesley, really was asking if data stored with google was secure
> from access by google employees or third party or other applications
> for casual browsing, data mining, etc. Could as well ask if GEA is
> safe place to store credit card numbers.
>
> We know HIPAA requirements, not a problem for us. What we don't know
> is google's security and confidentiality of data.
>
> thanks,
>
> Ralph
>
> On Jan 10, 9:10 pm, "Wesley Chun (Google)" <[email protected]>
> wrote:
>
> > greetings! you asked a question that's common but very dependent on
> > your implementation. App Engine has no specific compliance features,
> > so it's all up to your implementation. the first thing you need to do
> > is to separate the patient information and their medical data. if
> > they're together, then it's very likely that you're not compliant.
>
> > ironically, in one past life, i worked on software for doctors to use
> > for clinical trials. before the medical data was even imported into
> > our application, all patient info such as name, DOB, SSN, sex, age,
> > etc., were masked so that they were not available to the doctors. we
> > only had patient ID numbers and their data.
>
> > one place you can start out to find out more
> > about compliance and HIPAA requirements is here:
>
> > http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities
>
> > you may also need to hire a consultancy or company that certifies
> > compliance. it's probably worthwhile to pursue this before and during
> > the development process. however, we're not lawyers here so we cannot
> > give specific advice for your case.
>
> > hope this helps!
> > -- wesley
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > "Core Python Programming", Prentice Hall, (c)2007,2001
> > "Python Fundamentals", Prentice Hall, (c)2009
> > http://corepython.com
>
> > wesley.j.chun :: [email protected]
> > developer relations :: google app engine
>
> > On Jan 7, 11:49 am, G <[email protected]> wrote:
>
> > > My _guess_ is that either could easily run into compliance concerns.
>
> > > Then again, wholesale countrytapping is now the norm, so there is
> > > precedence...
>
> > > --
> > > G
>
> > > RalphWSiegler wrote:
> > > > would the datastore of the GAE be HIPAA compliant as to privacy and
> > > > security of information.
>
> > > > We (my client's IT department) have medical apps to port to cloud
> > > > architecture but issue of use of public vs. private cloud (Google App
> > > > engine vs. hosted vmware virtual appliance) hinges on this issue.
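
The separation Wesley describes above (identifiers masked, clinical data keyed only by a patient ID), sketched as an added example that is not part of the original thread. The field names, the key, the sample record and the use of HMAC-SHA256 to derive the ID are assumptions of this example; it also checks for the common failure where a name survives in a free-text field.

```python
import hashlib
import hmac
import re

# Assumption: the identifier fields listed in the thread (name, DOB, SSN, sex, age).
IDENTIFYING_FIELDS = ("name", "dob", "ssn", "sex", "age")
SEARCHABLE = ("name", "dob", "ssn")  # distinctive enough to search for in free text

# Constructed demo values; a real key would be held outside the datastore.
DEMO_KEY = b"constructed-demo-key"
SAMPLE_RECORD = {"name": "Jane Example", "dob": "1970-01-01", "ssn": "000-00-0000",
                 "sex": "F", "age": 40, "visit": "2010-01-05", "systolic_bp": 128,
                 "notes": "Jane Example reports mild headache"}

def patient_id(key: bytes, ssn: str) -> str:
    """Stable pseudonymous ID; cannot be recomputed from the SSN without the key."""
    return hmac.new(key, ssn.encode("utf-8"), hashlib.sha256).hexdigest()[:32]

def split_record(key: bytes, record: dict) -> tuple:
    """Split one record into (identity_row, clinical_row) linked only by patient_id."""
    pid = patient_id(key, record["ssn"])
    identity = {f: record[f] for f in IDENTIFYING_FIELDS if f in record}
    clinical = {f: v for f, v in record.items() if f not in IDENTIFYING_FIELDS}
    identity["patient_id"] = clinical["patient_id"] = pid
    return identity, clinical

def leaked_identifiers(identity: dict, clinical: dict) -> list:
    """Find identifier values that survive inside clinical free-text fields."""
    hits = []
    for field, value in clinical.items():
        if not isinstance(value, str):
            continue
        for ident in SEARCHABLE:
            needle = str(identity.get(ident, ""))
            if needle and needle.lower() in value.lower():
                hits.append((field, ident))
    return hits

def scrub(identity: dict, clinical: dict) -> dict:
    """Return a copy of the clinical row with leaked identifier values masked."""
    cleaned = dict(clinical)
    for field, ident in leaked_identifiers(identity, clinical):
        pattern = re.escape(str(identity[ident]))
        cleaned[field] = re.sub(pattern, "[REDACTED]", cleaned[field], flags=re.IGNORECASE)
    return cleaned

if __name__ == "__main__":
    ident_row, clin_row = split_record(DEMO_KEY, SAMPLE_RECORD)
    print(leaked_identifiers(ident_row, clin_row), scrub(ident_row, clin_row))
```

The identity rows and the key would live in a separate, more tightly restricted store than the clinical rows; the split alone does not address encryption at rest.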
