HIPAA Compliance and Continuous Delivery

The HIPAA law poses a compliance challenge for developers of software that touches electronic protected health information (ePHI). Part of the burden is showing proper control over the electronic system: how you provision for auditing, availability, access control, and so on.

If you’re a practitioner of DevOps and continuous delivery, you’ve got a good head start on meeting those challenges. DevOps and continuous delivery are built on the idea of configuration as code: all of your runtime configuration and environment data is stored in an SCM system like Git or Subversion. As a result, the SCM system is your system of record for how your software was actually deployed, which helps you demonstrate compliance with the HIPAA provisions.

There is, however, a slight wrinkle in the story: the SCM system is now a critical part of your runtime infrastructure, and most SCM systems are not designed to be highly available with no risk of data corruption.

That’s where WANdisco’s family of MultiSite and Clustering products for Git and Subversion comes into play. WANdisco provides a 100% uptime solution; every node in the deployment is a replicated peer, so the loss of a single server does not pose a problem. High Availability and Disaster Recovery are built in with automatic failover and recovery capabilities.

Moreover, these are zero data loss solutions. By the time a piece of runtime configuration data is committed, it is guaranteed to exist on more than one node, guaranteeing data integrity. Every site, including deployment sites, will see the right set of data.

In an environment bound by regulatory and compliance concerns, you need the peace of mind that a 100% uptime solution with guaranteed data integrity provides. Give us a call for more information on how Subversion and Git MultiSite and Clustering can help you meet your compliance demands.
