HIPAA · CRM

What is one of the best HIPAA secure CRM software applications?

Dr. Geoff DePaula visionary, integrative medicine doc, disruptor

April 14th, 2015

We are a healthcare company that handles PHI (Personal Health Information) and we need to be HIPAA secure. We have an EHR and our own software that will be hosted in a HIPAA secure server, etc. But we are looking for a good cloud hosted (inexpensive) CRM for screening new potential participants before getting them officially into the EHR system once they sign up. Would love your thoughts...

Karl Schulmeisters CTO ClearRoadmap

April 14th, 2015

Rob - that sounds fine for DAR (Data At Rest), but that doesn't address:

  1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
  2. Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  3. Protect against reasonably anticipated, impermissible uses or disclosures; and
  4. Ensure compliance by their workforce.

  http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html

Because it doesn't speak to

  • how you encrypt or decrypt inbound/outbound traffic (DIM, Data In Motion)
  • how you ensure data integrity during usage (i.e. app security and runtime anti-malware practices)
  • scope of data visibility to various workforce members (think Snowden)
  • security policies of accounts that have access to the unencrypted data
  • training methods of the users with authorized access.


Gaurav - that's good to know - we might need that in the future

Karl Schulmeisters CTO ClearRoadmap

April 14th, 2015

Take a look at Dynamics on Azure. Azure has a section that is HIPAA compliant (frankly that's why we opted for Azure as our platform - and you might consider that for your server environment as well in the future). Essentially MSFT simply requires a "Business Agreement" around the PHI to be stored, and then your components are stored in the HIPAA compliant portions of Azure.

http://download.microsoft.com/download/8/4/8/8483B6A9-1865-4D17-B6F1-5B66D5C29B10/Windows%20Azure%20HIPAA%20Implementation%20Guidance.pdf

Rob Mitchell Senior Java Software Engineer at Direct Commerce

April 14th, 2015

For our needs, we simply have our application encrypt/decrypt on the fly so that all PII is encrypted at rest on the disk. So if a malicious person were to steal a snapshot of the entire database, it'd be useless without the encryption key - which is not available to be read on any file system.
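The approach Rob describes, application-level field encryption so that a stolen database snapshot holds only ciphertext, as an added example that is not Rob's code or any product's implementation. It uses Go's standard-library AES-256-GCM and, as an assumption, reads the key from an environment variable injected at process start (here named `CRM_PHI_KEY_BASE64`, a hypothetical name) rather than from any file on disk; in production that variable would be populated from a secrets manager or HSM. The column name is bound as associated data, so a ciphertext copied from one column into another fails to decrypt rather than silently yielding the wrong field. The record values below are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"os"
)

// Hypothetical variable name (assumption): the key is injected into the
// process environment at start-up and never written to the file system.
const keyEnvVar = "CRM_PHI_KEY_BASE64"

// loadKey fetches a 32-byte AES-256 key from the environment and fails
// closed if it is absent, malformed, or the wrong length.
func loadKey() ([]byte, error) {
	encoded := os.Getenv(keyEnvVar)
	if encoded == "" {
		return nil, errors.New("PHI encryption key not present in environment")
	}
	key, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	if len(key) != 32 {
		return nil, fmt.Errorf("key must be 32 bytes, got %d", len(key))
	}
	return key, nil
}

// EncryptField seals one plaintext value for the named column. The stored
// string is base64(nonce || ciphertext || GCM tag); a fresh random nonce is
// drawn per call, so equal plaintexts do not produce equal ciphertexts.
func EncryptField(key []byte, column string, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	// The column name is authenticated (not encrypted) so the value is
	// bound to the column it was written for.
	sealed := gcm.Seal(nonce, nonce, plaintext, []byte(column))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptField reverses EncryptField; any tampering, wrong key, or wrong
// column name surfaces as an authentication error rather than garbage.
func DecryptField(key []byte, column string, stored string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(raw) < gcm.NonceSize() {
		return nil, errors.New("stored value too short to contain a nonce")
	}
	nonce, ciphertext := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, []byte(column))
}

func main() {
	key, err := loadKey()
	if err != nil {
		fmt.Println("startup refused:", err)
		os.Exit(1)
	}
	// Constructed sample record for a screening prospect.
	record := map[string]string{"dob": "1970-01-01", "phone": "555-0100"}
	for column, value := range record {
		stored, _ := EncryptField(key, column, []byte(value))
		fmt.Printf("%s column on disk: %s\n", column, stored)
		back, _ := DecryptField(key, column, stored)
		fmt.Printf("%s decrypted in app: %s\n", column, back)
	}
}
```

Run with `CRM_PHI_KEY_BASE64=$(head -c 32 /dev/urandom | base64) go run main.go`. Note this covers only the DAR case: the key is in process memory while the application runs, and Karl's points about data in motion, runtime integrity and workforce access scoping still apply.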

Gaurav Garg Vice President

April 14th, 2015

Tribridge has customized Microsoft Dynamics for healthcare use cases. My team worked with Tribridge to implement their solution in an East coast based healthcare provider.

Let me know if you need help, I will be happy to make an introduction.
Gaurav