HIPAA compliance
Hey, I have a Flutter app which is live on the app store, and one of the new features is to sync it with the Apple HealthKit and TryTerra API to pull data from users' glucose monitors.
One of the client's prerequisites is to be HIPAA compliant. What does that mean in terms of Supabase? We are using a cloud hosted Supabase instance. Do we need to be working with client side encryption now? What even is HIPAA compliance in terms of Supabase?
Thanks!
3 Replies
https://supabase.com/docs/guides/security/hipaa-compliance
https://supabase.com/docs/guides/platform/hipaa-projects
It is an add on to team or enterprise plans.
And just adding that add on makes it HIPAA compliant? There is no need to do any encryption etc.?
I'm just linking their docs on it. I personally don't know the details of HIPAA. I've not heard anything about client side encryption being required. That is a pretty major step, as then if a user loses their password all their data is gone in most cases.
Using HTTPS, all data is encrypted in transit. Supabase stores all data on disk encrypted at rest. Most of what I see in HIPAA involves making sure there are controls on the access to the data on the servers/backups by staff or accidental/stolen release.
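As an added example (not from the thread, and not a claim about what the HIPAA add-on covers), here is the kind of per-user access control Supabase projects usually put on sensitive rows: Postgres row level security so that an authenticated user can only read and write their own readings. The table and column names are assumed for illustration; `auth.uid()` is Supabase's built-in helper for the calling user's id.

```sql
-- Added example, assumed schema: one row per glucose reading pulled from
-- HealthKit / Terra, owned by the Supabase auth user who synced it.
create table if not exists glucose_readings (
  id          bigint generated always as identity primary key,
  user_id     uuid not null default auth.uid() references auth.users (id),
  measured_at timestamptz not null,
  mg_dl       numeric(5,1) not null check (mg_dl > 0),
  source      text not null  -- e.g. 'healthkit' or 'terra' (assumed values)
);

-- With RLS enabled, the anon/authenticated roles get no rows unless a policy
-- explicitly grants them; statements with no matching policy are denied.
alter table glucose_readings enable row level security;

-- Owners may read only their own readings.
create policy "owner can read own readings"
  on glucose_readings for select
  to authenticated
  using (user_id = auth.uid());

-- Owners may insert readings only under their own user_id.
create policy "owner can insert own readings"
  on glucose_readings for insert
  to authenticated
  with check (user_id = auth.uid());
```

Because no update or delete policy is defined, those operations are refused for app users through the API. The service role key bypasses RLS entirely, so it belongs only in trusted server-side code, never in the Flutter client; that separation is the kind of staff/backend access control the reply above is pointing at, alongside the platform-level encryption it mentions.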