Is Sumac HIPAA compliant?

General

Sumac supports all the technical requirements an organization needs in order to comply with the HIPAA standard.

Details

The basic things that Sumac does to comply with HIPAA are:

a. require passwords and user profiles that restrict visibility of the data to authorized users

b. encrypt connections between Sumac and the database

c. provide mechanisms for updating information in the database

d. log access to the information in the database

e. do all of the above securely (the security required for Sumac's PA-DSS certification exceeds what the HIPAA standards require)

In the case of HIPAA, most of the requirements are imposed on the organization (i.e. the organization using Sumac), not on the Sumac software itself. A Sumac user who leaves print-outs of medical history lying around on their desk is not complying with HIPAA (unless access to their desk is controlled), even though the Sumac software enables them to comply.