DGraph and HIPAA

Is Dgraph HIPAA Compliant, and if not, why not? What would it need to be so?

Obviously you can look at this at different levels.

For the sake of argument let’s talk about a Dedicated Instance of Dgraph Cloud hosted with Dgraph. I realize Dgraph is not giving out BAAs tomorrow, but could a company that uses Dgraph give out one?

I also realize non-health care providers need audits to be SOC 2 Compliant. Without getting bogged down in procedures, I am wondering simply if the infrastructure is there, and if not, what is needed?

(asking for a simple answer to a complex question)



Being in the healthcare industry I am also very interested in this. I don’t know, though, if Dgraph can answer this because they would have to fully comprehend what HIPAA entails, which is a very large undertaking. Maybe a secondary question to this would be looking at the self-host option and what that would take to meet compliance even without having a BAA.

My understanding would be that this would be very dependent on the cloud provider also being HIPAA or the appropriate cloud validation ready. While some of the questions can be answered here about encryption of the data in transit and at rest (it does this), or user authentication (with ACL it does this), much of the rest would be on the cloud provider. For this both Google Cloud and AWS are available; dgraph-labs would have to respond directly on how it is set up to know for sure.

Full disclosure: I am notably not in the healthcare sector.

Hi @jdgamble555 and folks,

We are in the process of getting our SOC2 type 1 compliance by the end of the year. After that, we will take up SOC2 type 2 compliance and subsequently HIPAA.

Hope this helps,