Does anyone have any comments on using open source...
# cfml-general
d
Does anyone have any comments on using open source software in a HIPAA compliant environment? Encouraged, discouraged, Absolutely Do Not Go There Unless You Want To Get Sued And Maybe Arrested, etc?
p
If the environment is locked down and following policy and procedure, and you attempt to use an app that falls out of compliance, then it will likely tell them on their 15-20 min or shorter regularly scheduled status checks.
b
I'm not sure what open source would have to do with HIPAA.
I thought HIPAA concerned how you handle customer information, not app architecture.
q
We deploy apps that are used in HIPAA environments. OSS vs. non OSS does not really matter, BUT if you are writing your own code, you really should take a training or certification before you go down that route so you know what is and isn't allowed.
80% of it is making sure you leave logs of every action taken that could include PII data. 10% is making sure you have rock-solid access controls. The rest is basic security sanity.
The requirements are a LOT more sane than something like PCI-DSS.
e
PCI-DSS is not insane, it's just insecure 🙂