HIPAA and Claris FileMaker

The Health Insurance Portability and Accountability Act (HIPAA) was a bill signed by Congress in 1996 that required the Health and Human Services (HHS) to create a set of regulations ensuring the privacy and security of electronic protected health information (e-PHI). As a result, HHS published its privacy and security standards in the HIPAA Privacy Rule and the HIPAA Security Rule. It is required that all applications that acquire and store any protected health information of individuals be compliant with the HIPAA Privacy and Security Rules. 

Claris FileMaker, with security measures and customization built into the platform, make it a uniquely perfect platform to build and create HIPAA compliant applications. Here are the reasons why:


With FileMaker, you can turn on Encryption-at-Rest for the entire database that utilizes FileMaker’s Developer Utilities. By turning on Encryption-at-Rest, the application is given a security key (we recommend this be a strong, randomly generated password) that must be entered every time the application is opened. This ensures that even if the database does fall in the wrong hands, they will not be able to open the database or access any data inside of it without the encryption key.

Encrypted Container Documents

When creating container document fields in FileMaker, the developer has the option to store the documents inside of the database; externally secured or externally open. There are many performance-related reasons to store documents externally, so having both the option to store the documents externally and secured gives you the best of both worlds. The data can only be opened from within the database and will allow you to avoid any database performance issues.

Individualized Accounts and Privilege Sets

Within the database, the administrator has the ability to set up unique accounts and privilege sets for each individual accessing the database. This allows the administrator to quickly and easily add, remove, enable, disable, and adjust each user’s account in the database. Through the use of privilege sets, the administrator can limit each user’s access to different sections or segments of data. The administrator can assign some users to accounts that have access to ePHI data while assigning others to accounts with limited or no access.

Scripting within the Database

Because of the customizability of FileMaker, developers can give each user and/or privilege set a unique user experience through scripting. You can allow only authorized users to navigate to certain layouts in the database and view HIPAA compliant data for an individual. Through scripting, you can also create user session access and action auditing reports, both of which are required by the HIPAA Security Rule.

At Kyo Logic, we believe in developing and maintaining HIPAA compliant applications by successfully using FileMaker as a terrific platform for our clientele. If you are in need of support in building and maintaining a HIPAA compliant application and would like to learn more about what it takes to make a HIPAA compliant FileMaker database, please contact us.