Knack HIPAA version

Is anyone using the HIPAA compliant version of Knack?

Hi Dean - Happy to answer questions if you want to reach out to us. Visit HIPAA Compliant Application and Database Builder/Development and complete the form 🙂

Hey Steve, thanks for the response, but I have spoken to someone in your group before about HIPAA, but at some point I may need to do a quick update, but I think I understand the basic aspects. I have a multi-tenant app on Knack that I am looking at using in a specific area of the health industry, and my question here was more for users that may have insights of areas that may need to be addressed as to security risks. I found one related to the Details view that I discussed with support. We figured out a hack to close the potential for PHI to be leaked, albeit the risk was remote but possible. Just looking to see if anyone has had any other similar experiences.

Hello! I’m using it. The only potential risk our team has faced is that we wanted to use file attachments to save test results, but at the last minute we realized this would have been risky, since files are technically public (if you guess the link).

I would be interested to know more about what you are doing on the app and share my experience, speaking of “guessing links”, and see how you may be handling it if you are. I don’t want to expose weaknesses in the HIPAA app on a public forum but would prefer a direct message or email if possible. Thanks - Dean

Also sent you a DM here about our issue - Dean

Yes, files are public, but you can make that file private, as Knack gives an option to make files private.

It looks to me that even with the secure setting there is the possibility of public access if the link is exposed. It is only secure in the app.

  • Required: If checked, this field must have a value before a record can be added or updated.
  • Secure: Setting to Yes after your users have already uploaded files via this field means that any links they were using to access those files will no longer work. Every time a user accesses a secured file via one of the new Live App Knack URL links, a check is run to make sure that the Page, View, and field on which the user found the link to the file still exists; this way, for example, if you accidentally show a link to a file on a certain view and remove it later, users who saved that link will no longer be able to access the file through it.

Files uploaded to a field with Secure set to yes will still be accessible if the direct URL to the file is used. This allows the file to be shared in emails or as needed without requiring someone to log into the Live App. Only the URLs to the file displayed in a Live App page will follow the rules that are in place for that page.

Yes, exactly, that’s what worried us. Our “solution” was to never use file fields xD