Hello! Am trying to develop an app & webapp which I would like to be HIPAA compliant. I've searched the internet for hours but am unable to find any single guide that I can use to ensure that it is so. Is there any sort of checklist that I can use? Do I need to get some certification from somewhere or can I advertise that it is compliant after that?
It's an extremely broad and far-reaching piece of legislation. The relevant laws have also been modified and augmented since the original passage (through the HITECH Act in 2009, and the final Omnibus ruling in 2013, as well as others). And yes, there are various types of audits you should pass before claiming your site is compliant.

Your first step is to hire an attorney; there really isn't any way around it. If you want to get a feel for the complexity, you should start by reading the laws yourself. Title II is the most relevant to your questions. Or for a cliff-note summary read the wiki page: (http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act). The actual text of the legislation should be linked from there.