Hey all!
I'm considering using Xano's HIPAA program and want to understand whether I need to implement additional encryption measures for PHI data myself.
Originally, I was planning to do two things to enhance security:
1. Encrypt PHI data using a KMS key.
2. Use a hashed user ID for relational data, so that if there is a data leak, the relational data wouldn't be directly linked to a specific user.
Does Xano's HIPAA program already cover these concerns (e.g., encrypting PHI data at rest and in transit), or would I still need to implement these security measures on my end?
Would love to hear insights from anyone familiar with how Xano handles encryption in the HIPAA program!
Thanks in advance!