Building HIPAA Compliant Applications With ArangoDB

Protecting personal data is already quite high on (hopefully) all priority lists. Protecting personal healthcare information is even more important. If you are a company or organization in the health services industry and you work with personal patient data, then you have most probably heard about HIPAA compliance. The Health Insurance Portability and Accountability Act (HIPAA) is a law passed in 1996 by US Congress that sets standards and protocols for the protection of patient data in the healthcare industry.

Many of our users and customers asked us about building HIPAA compliant applications with ArangoDB, since storing personal health information (PHI) asks for special protection mechanisms to be in place. So we thought we put the relevant information together in this quick blog post. And to make a long story short, yes, of course, you can build HIPAA compliant applications on top of ArangoDB.
ArangoDB has you covered ensuring your database maintains compliance by meeting these four key requirements:

1. Authentication
2. Authorization
3. Encryption 360°: In transit, at rest, encrypted backups
4. Auditing

ArangoDB Enterprise Edition and HIPAA

There are two versions of ArangoDB available: ArangoDB Community Edition and a commercial ArangoDB Enterprise Edition. ArangoDB Community Edition is a free native multi-model database available under open-source license, while ArangoDB Enterprise is a paid subscription that includes SmartGraphs, Satellite Collections and many enterprise-level security features. While the community edition provides some basics for compliance (authorisation; authentication) the Enterprise Edition provides everything you need out-of-the-box. These additional security capabilities are what will ensure that the personal health information of your users is being stored HIPAA compliant.

Protecting your Data

ArangoDB keeps your data HIPAA compliant by providing Authentication, Authorization, Encryption, and Auditing tools. The ArangoDB LDAP Server feature establishes and authenticates the identity of all users accessing the database. After the user’s identity has been established via LDAP, it must be determined if they have the appropriate authorization to access the data they are querying. An ArangoDB server with LDAP certification determines what actions a user is permitted to make once entering the system such as read/write privileges. ArangoDB 360° encryption makes sure your data is protected all times providing: Encryption in transit, Encryption at rest, and encrypted backups. Finally, The ArangoDB auditing process allows you to monitor access history to the database with detailed audit logs.
For a complete overview and details of these requirements visit our HIPAA Compliance Page.

Conclusion

If you are considering using ArangoDB as your native multi-model solution to store your Protected Health Information (PHI) data, rest assured that you will be HIPAA compliant. The ArangoDB Enterprise Edition has the necessary measures set in place including Authentication, Authorization, Encryption, and Auditing to ensure your organization is in full HIPAA Compliance. See a complete ArangoDB HIPAA overview here.