GDPR and HIPAA Compliance for health applications

Chino.io solves technical requirements and outsources compliance risks

To make your healthcare service or application GDPR and HIPAA compliant, you need to implement technical requirements on top of a cloud or hosting provider. Those are the most risky, complex and time-consuming development tasks that your team faces in any healthcare project.
Chino.io is the only technology that solves all your technical compliance requirements "by Design" and "as a Service".

Chino.io closes the GDPR & HIPAA compliance gap
EU GDPR

The General Data Protection Regulation protects all personal data belonging to users resident in the EU. Under GDPR, most health application developers are Data Processors. Health data and other sensitive data receive special protection. Key aspects you need to understand for healthcare applications include:

US HIPAA

The Health Insurance Portability and Accountability Act covers healthcare data in the US. PHI (protected health information) has to be secured in a suitable fashion. The HIPAA Security Rule distinguishes between physical, technical and administrative safeguards. Key aspects include:

Other Important Regulations

There are a number of other regulations and standards that you need to be aware of. These include the proposed EU ePrivacy Regulation and the Medical Device Regulation (MDR). The MDR is particularly important: it was adopted in 2017 and becomes mandatory from May 2020. For the MDR you need to understand:

  • The certification process
  • Quality management for MDR
  • Certifications for cloud providers
  • MDR classes

You can read more about this in our eBook.

LEARN MORE ABOUT COMPLIANCE

Learn how to build GDPR and HIPAA compliant health applications.

WHAT DATA ARE YOU COLLECTING?

Download our compliance guide and check the status of data you collect.

Certified for medical-grade software

ISO 13485 is the de facto mechanism to demonstrate compliance with regulations such as the new EU Medical Device Regulation (MDR). If your suppliers are not ISO 13485 certified, then before going to market you must put in place the necessary procedures, tests, monitoring activities and documentation to demonstrate their compliance. Because Chino.io is certified, you can avoid this, saving you time and money and providing you with all the assurances you need when creating your medical-grade applications.
Download the certificate here.

This certification proves that Chino.io has established, maintains and improves the organisational structure, procedures and resources needed to satisfy the quality requirements of ISO 9001. This standard is a prerequisite for any company that wants to receive ISO 13485 certification (essential to market any medical software or device). This certification also gives you reassurance about the quality of the work that Chino.io undertakes.
Download the certificate here.

ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls. These controls are listed in the ISO 27002 best practice guidance. Chino.io implements all of these controls and constantly improves its Security Management System, exceeding all requirements and following best practices. So you can be sure your data is protected by state-of-the-art security.
Download the certificate here.

Want to find out how you can become compliant?