GDPR and HIPAA compliance for health applications solves technical requirements and outsources compliance risks

To make your healthcare service or application GDPR and HIPAA compliant, you need to implement technical requirements on top of a cloud or hosting provider. Those are the most risky, complex and time-consuming development tasks that your team face in any healthcare project. is the only technology that solves all your technical compliance requirements "by Design" and "as a Service".


The General Data Protection Regulation protects all personal data belonging to users resident in the EU. Under GDPR, most health application developers are Data Processors. Health data and other sensitive data receive special protection. Key aspects you need to understand for healthcare applications include:

‣ Data Encryption‣ Pseudonymization‣ Consent tracking‣ Audit trail‣ Right to be forgotten


The Health Insurance Portabilty and Accountability Act covers healthcare data in the US. PHI (protected health information) has to be secured in a suitable fashion. The HIPAA Security Rule distinguishes between physical, technical and administrative requirements. Key aspects include:

‣ Data Encryption‣ Pseudonymization‣ Audit trail

Other Important Regulations

There are a number of other regulations and standards that you need to be aware of. These include the proposed EU ePrivacy Regulation and the Medical Device Regulation (MDR). The MDR is particularly important as it was adopted in 2017 and becomes mandatory from May 2020. For the MDR you need to understand:

‣ Data Encryption‣ Quality management for MDR‣ Certifications for cloud providers‣ MDR classes

You can read more about this in our eBook.

Certified for medical-grade software

ISO 13485 is the de facto mechanism to demonstrate compliance with regulations such as the new EU Medical Device Regulation (MDR). If your suppliers are not ISO 13485 certified, then before going to market you must put in place necessary procedures, tests, monitoring activities and documentation to demonstrate their compliance. Because is certified, you can avoid this, saving you time, money and providing you with all the assurances you need when creating your medical-grade applications.
Download the certificate here.

ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls. These are listed in the ISO 27002 best practice guidance. implements all controls and constantly improves its Security Management System, exceeding all requirements and following best practices. So, you can be sure your data is protected by the state of the art when it comes to security.
Download the certificate here.

Want to find out how you can become compliant?