How to make app HIPAA compliant?

Karl Larson

Hey all,

I’m wondering if anyone has experience getting their app HIPAA compliant. I’m guessing there’s a lot more to do than simply upgrade the Xano plan, but I haven’t found a clear roadmap on what to do next.

Has anyone done this? Or know generally what the process is like?

Some specific questions: is there an audit to pass? Can I send Business Associate Agreements (BAA), encrypt PII, draft some audit/compliance standards and be good? Do I need SOC 2 as well?

This is a vague question, but any help pointing me in the right direction would be greatly appreciated.
(FYI WeWeb is front end.)

quentindty

Hey @Karl Larson 👋

Q from WeWeb here.

Kyan (one of our users) made a healthcare app that is 100% HIPAA compliant using WeWeb and Xano. You can see the replay here:

https://www.youtube.com/watch?v=QicnS_DIKOY&t=1773s

For WeWeb, nothing to be done except to always use the "dynamic" option for collections, so that no data goes through our servers.

For Xano, I think you need a specific plan. I'll let their team step in ;)

Liz Anaya

Hey @quentindty! 👋 Thanks for chiming in!

@Karl Larson Check out these blogs 👇 and let me know if they are helpful. 😄

• HIPAA Compliant Web or Mobile Applications Checklist for 2022
• HIPAA Compliance and Software Development: Complete Guide

Also, consider upgrading your Xano instance to a Scale plan (if you haven't already) where you would be eligible to add our HIPAA enhancement. More info here.

Karl Larson

Thanks for the reply, @Liz Anaya!

Those posts are helpful. I'm trying to get a grip on who does what to get HIPAA compliant.

Posting everything in this comment didn't work (it's probably too long), so I created a Notion document.

Thank you in advance if you have the time to read it 🙏 And of course, any response isn't legal advice/binding to you/Xano/etc.

https://karlso.notion.site/HIPAA-Questions-c804ebef499d447697a3bcf2901576f7?pvs=25