Customers have the following responsibilities with regard to using the Healthcare Blocks platform:

1. Using up-to-date versions of programming languages, application dependencies, and frameworks in any application that is deployed to the Healthcare Blocks platform and identifying any vulnerabilities in those components.

2. Ensuring application functionality is implemented in a manner consistent with industry standards and security best practices (e.g. OWASP). When deploying a third-party product, customers are responsible for assessing whether the security of such third-party product complies with HIPAA, industry standards, and security best practices.

3. Reviewing Healthcare Blocks application development guidelines and implementing functionality to satisfy HIPAA compliance requirements.

4. Complying with HIPAA administrative/organizational requirements by maintaining an up-to-date set of policies and procedures and conducting an internal risk assessment at least annually.

5. Training employees and contractors about HIPAA compliance and security awareness topics (e.g. phishing) on an annual basis.

6. Conducting periodic restoration tests of database backups. Healthcare Blocks monitors the completeness of daily backups but, for compliance reasons, does not examine their contents. Therefore, customers should periodically review and restore database backups; assistance can be requested from Healthcare Blocks.

7. Assessing and requesting the appropriate hosting configuration to support uptime and disaster recovery requirements.

8. Conducting penetration testing of any applications deployed to the Healthcare Blocks platform. Healthcare Blocks only tests its internal applications. "Black box" testing is highly recommended using a temporary replica of a production environment.

Need assistance with these responsibilities? Contact us for recommended resources and partner options.