HIPAA Engineering Patterns

HIPAA for healthcare. Patterns and gotchas.

BAA

Business associate agreements with vendors.

Required before processing PHI.

Encryption

At rest and in transit.

TLS 1.2+, AES-256.

Access

Minimum necessary. Audit log every access.

Standard plus stricter access reviews.