Skip to main content









HIPAA compliance - how OutSystems can help

  • Edit
    Collaborate with us
    Edit this page on GitHub
  • Introduction

    This document describes how OutSystems can help you develop and secure your healthcare applications and data while complying with HIPAA security and privacy requirements.

    About OutSystems

    OutSystems dramatically accelerates the development of secure applications, and their deployment in a secure runtime environment. OutSystems’ built-in application lifecycle management capabilities promote a clear assignment of responsibilities in the DevOps processes, laying the foundation for a secure Software Development Lifecycle.

    OutSystems was designed for several deployment models, including third-party cloud vendors and on-premises. Regardless of deployment model, the OutSystems architecture ensures the same functionality is available to developers.

    How OutSystems helps healthcare providers

    OutSystems empowers healthcare providers to move to a patient-centric model by giving them the ability to rapidly build patient-facing apps for purposes such as researching their prescribed drugs, evaluating their treatment options, accessing and controlling their medical information, and more. Applications can be pushed across any platform for any device on a single code base that’s secure and compliant to HIPAA, SOC, and HITRUST.

    HIPAA compliance

    OutSystems applications dealing with protected health information may be subject to compliance with HIPAA. Medical records and other personal health information that both:

    • Identifies an individual
    • Is maintained or exchanged electronically or in hard copy (e.g. photocopied or printed from the database)

    HIPAA considers such personally identifiable information protected if it is possessed by a covered entity or business associate.

    The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule. More information is available here.

    What do I have to do to be HIPAA compliant?

    This is an overview that doesn't replace the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Customers are required to be aware and up-to-date on Health Information Privacy.

    The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities”. The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used.

    While the HIPAA Privacy Rule safeguards protected health information (PHI), the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called “electronic protected health information” (ePHI).

    HIPAA safeguards can result in a HIPAA violation when the standards of the HIPAA Security Rule aren’t properly followed. In order to maintain compliance with the HIPAA Security Rule, covered entities must have proper Physical, Administrative, and Technical safeguards in place to keep PHI and ePHI secure.

    Read more about HIPAA in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from CDC.

    We provide you with the proper tools and documentation to comply with HIPAA regulations while using OutSystems and foster the development of enterprise web and mobile applications.

    HIPAA-compliant hosting options for the OutSystems Platform

    OutSystems gives you the flexibility to manage and host your HIPAA-compliant apps by deploying the OutSystems Platform on-premises or on cloud vendors such as AWS, Microsoft Azure or Google Cloud.

    Layers of controls

    Check next the Checklist of HIPAA safeguards.

    • Was this article helpful?