Medical mailing list archives

medical@odoo-community.org


Re: HIPAA Compliance

by LasLabs, Dave Lasley - 25/01/2018 02:28:55
Odoo can comply, but it is not an easy task. You will need to work through all points of the administrative and technical safeguards, finding a module or configuration to mitigate each. These should all be identified during a standard risk assessment of the platform, which is one of the administrative requirements of HIPAA. 

I guarantee it’s possible, but we charge a significant amount for proper implementation on this, and laying these out publicly is not in our interest.

On a side note - email is not and will never be HIPAA compliant, regardless of a BAA with the provider. 


-Dave Lasley

On Jan 24, 2018, at 17:17, Tom Blauwendraat <thomaspaulb@gmail.com> wrote:

Hi Zach,

It's a very interesting question. I think if you manage to compile a shortlist of the things that are needed for such a certification, some of us techies could certainly comment point-by-point on whether Odoo, if properly hosted, can comply with it or not.

Tom


On Mon, Jan 8, 2018 at 9:32 AM, Zachary Waite <waite.zach@gmail.com> wrote:
Can anyone comment on the necessary steps to implement Odoo in a HIPAA (Health Insurance Portability and Accountability Act) compliant manner?

For example, I'd assume that obtaining a Business Associate Agreement (BAA) with your email host is part of the equation for using the Chatter and Discuss features, but I'm curious if Odoo itself needs additional modification beyond strong server security.

--

_______________________________________________
Mailing-List: https://odoo-community.org/groups/medical-20
Post to: mailto:medical@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe

