Build Headless HIPAA-Compliant Apps with Parse HIPAA

What is Parse?

Parse is an amazing self-hosted open-source system that enables developers build headless application using RESTful API or GraphQL and MongoDB or PostgreSQL in the backend.

The generated API can be used to create web apps, mobile apps, or even desktop apps. It can be also used to integrate with other apps.

What is Parse HIPAA?

Parse HIPAA is a custom Parse-based system that comes with dozens of prebuilt tools, and features to ensure building HIPAA-compatible apps.

It enables you to run and deploy your own HIPAA & GDPR compliant parse-server with PostgreSQL or MongoDB. parse-hipaa also includes parse-dashboard for viewing/modifying your data in the Cloud. Since parse-hipaa is a pare-server, it can be used for iOS, Android, Flutter, and web based apps (JS, React Native, etc). API's such as GraphQL and REST are enabled by default in parse-hipaa and can be tested directly or via the "API Console" in the Parse Dashboard.

Parse-HIPAA includes the necessary database auditing and logging for HIPAA compliance.

What does it include?

parse-hipaa provides the following:

•  Auditing & logging at server-admin level (Parse) and at the database level (postgres or mongo)
•  The User class (and the ParseCareKit classes if you are using them) are locked down and doesn't allow unauthenticated access (the standard parse-server allows unauthenticated read access by default)
•  The creation of new Parse Classes and the addition of adding fields from the client-side are disabled. These can be created/added on the server-side using Parse Dashboard (the standard parse-server allows Class and field creation on the client-side by default)
•  Ready for encryption in transit - parse-hipaa and it's companion images are setup to run behind a proxy with files & directions on how to complete the process with Nginx and LetsEncrypt
•  File uploads are only allowed by authenticated users (the standard parse-server allows unauthenticated uploads by default)
•  File uploads are encrypted with AES-256-GCM by default (the standard parse-server doesn't encrypt files by default)
  

Tech

Parse-HIPAA is derived from the parse-server image and contains the following additional packages:

• parse-hipaa-dashboard
• parse-server-carekit
• clamscan
• newrelic - automatically configured with Heroku deployments, needs additional configuration if you want to use elsewhere
• parse-server-any-analytics-adapter - needs additional configuration if you want to use
• @analytics/google-analytics - needs additional configuration if you want to use
• @analytics/google-analytics-v3 - needs additional configuration if you want to use
• @parse/s3-files-adapter - needs additional configuration if you want to use
• parse-server-api-mail-adapter - needs additional configuration if you want to use
• mailgun.js - needs additional configuration if you want to use

Docker Images

Images of parse-hipaa are automatically built for your convenience. Images can be found at the following locations:

• Docker - Hosted on Docker Hub
• Singularity - Hosted on GitHub Container Registry

License

• MIT License

Resources & Downloads

• Source-code and download

GitHub - netreconlab/parse-hipaa: HIPAA & GDPR compliant ready parse-server with postgres/mongo, parse-hipaa-dashboard. Compatible with ParseCareKit

HIPAA & GDPR compliant ready parse-server with postgres/mongo, parse-hipaa-dashboard. Compatible with ParseCareKit - netreconlab/parse-hipaa

GitHubnetreconlab