Knack HIPAA version

DeanBozzan62116 · August 12, 2022, 5:05am

Is anyone using the HIPAA compliant version of Knack?

Steve · August 12, 2022, 1:10pm

Hi Dean - Happy to answer questions if you want to reach out to us. Visit HIPAA Compliant Application and Database Builder/Development and complete the form

DeanBozzan62116 · August 13, 2022, 7:34pm

Hey Steve thanks for the response but I have spoken to someone in your group before about HIPAA but at some point I may need to do a quick update but I think I understand the basic aspects. I have a multi-tenant app on Knack that I am looking at using in a specific area of the health industry and my question here was more for users that may have insights of areas that may need to be addressed as to security risks. I found one related to the Details view that I discussed with support. We figured out a hack to close the potential for PHI to be leaked albeit the risk was remote but possible. Just looking to see if anyone has had any other similar experiences.

piracalamina · August 15, 2022, 2:06pm

Hello! I’m using it. The only potential risk our team has faced is that we wanted to use file attachments to save test results, but at the last minute we realized this would have been risky, since files are technically public (if you guess the link).

DeanBozzan62116 · August 15, 2022, 5:30pm

I would interested to know more about what you are doing on the app and share my experience, speaking of “guessing links” and see how you may be handling it if you are. I don’t want to expose weaknesses in the HIPAA app on a public forum but would prefer a direct message or email if possible. Thanks - Dean

DeanBozzan62116 · August 15, 2022, 5:38pm

Also sent you a DM here about our issue - Dean

Sunny_Singla · August 15, 2022, 5:54pm

Yes, Files are public but you can make that file private as knack gives an option to make files private .

DeanBozzan62116 · August 15, 2022, 6:30pm

It looks to me that even with the secure setting there is the possibility of public access if the link is exposed. It is only secure in the app.

Required: If checked, this field must have a value before a record can be added or updated.
Secure: Setting to Yes after your users have already uploaded files via this field means that any links they were using to access those files will no longer work. Every time a user accesses a secured file via one of the new Live App Knack URL links, a check is run to make sure that the Page, View, and field on which the user found the link to the file still exists; this way, for example, if you accidentally show a link to a file on a certain view and remove it later, users who saved that link will no longer be able to access the file through it.

Files uploaded to a field with Secure set to yes will still be accessible if the direct URL to the file is used. This allows the file to be shared in emails or as needed without requiring someone to log into the Live App. Only the URLs to the file displayed in a Live App page will follow the rules that are in place for that page.

piracalamina · August 16, 2022, 11:47am

yes, exactly that’s what worried us. Our “solution” was to never use file fields xD

DeanBozzan62116 · December 14, 2022, 8:07pm

@Kara I know you can’t read years of posts and react to all of them but I wanted to bring to your attention that the app has issues when it comes to HIPAA compliance which Knack offers at a premium price along with a signed BAA which implies assumption of liability in a HIPAA compliant environment. Essentially the medical provider depends on all the contractors to take liability for their product along the way in case of a breach of client information. The problem is that the HIPAA compliant server essentially uses the same software app which has leaks that increase everyone’s potential for breach and liability and no way to change settings to stop them. We have looked into moving to a HIPAA compliant server environment but the unknown places where data leaks are a liability for everyone.

Kara · February 20, 2023, 3:24am

To close the loop here, we resolved the issue Dean brought up about 2 weeks ago (unrelated to secure file fields).
Cheers,
Kara

DeanBozzan62116 · February 21, 2023, 5:06am

@Kara Thanks Kara I appreciate how your team made this a priority to work through. I have not had a chance to test yet, but I plan to. As we coded around it, I need to test in an environment without our hack to the issue. With the expectation that this is fixed, we are back in the planning stages for some projects that will require a HIPAA environment. I just sent a message to inquire about some tactical questions to implement such a strategy, so hopefully, I will start some dialogue with support tomorrow when they see it. - Dean

Topic		Replies	Views
User authentication for downloads Feature Requests	6	306	July 27, 2015
Knack Files Knack Community	7	372	July 18, 2023
Can anyone access my uploaded files? Get Answers	1	319	May 27, 2021
API request - Hippa error message API & Customization	0	321	September 16, 2019
API key security exposed API & Customization	4	368	November 24, 2019

Knack HIPAA version

Related Topics