HIPAA Regulation

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines how personally identifiable information in the healthcare and insurance industries should be protected from fraud and theft.


HIPAA and ]project-open[

]project-open[ has a number of security features required for Healthcare Data Management.

Non-functional features:

  • Role-based access control:
    Access to all business objects in ]po[ is controlled by membership-based access permissions for normal users. An exception to membership-based access control can be granted to senior staff by including them in groups with "view all" permissions to all business objects of a certain type.
  • Audit all data access:
    Audit is an option in the ]project-open[ Enterprise Edition. Audit of read operations is available as an option.
  • Enforce unique user identification:
    Detection of concurrent use of one account from two devices is available as part of the Enterprise Edition. Optional levels are "warning" (users are informed about access from a different device) and "enforcing" (the second user will not be allowed into the system).
  • Emergency access procedure:
    This has not been implemented yet.
  • Automatic logoff:
    This is a standard feature; the duration of a session is configurable.

Functional features:

  • Role-based access control:
    All GUI elements (portlets, links, menu tabs) are linked to permissions. Access to the underlying transactions is controlled by "privileges".


Note: This article has been written by Frank Bergmann. Frank is not a lawyer, and this article is not legal advice. 
