You can really go about [HIPAA compliance] in one of three ways:
Decide that you’re not going to have PHI in your system and don’t need to worry about HIPAA compliance. This is the easiest choice, but remember, there’s no safe harbor with HIPAA.
Decide that you’ll build out the compliance requirements yourself. Many of the safeguards are standard parts of today’s apps: login, auto-logout, etc. You can build many of these as part of your core infrastructure. Others are not so easy to build and
You outsource your HIPAA compliance. Using a service like TrueVault, you are guaranteed compliance with the technical and physical safeguard requirements by storing any PHI in the cloud in TrueVault’s secure data store.