Does anyone know of a HIPPA compliant Geocoder?
At Washington State Department of Social and Health Services (DSHS), we have devised a specific approach to meeting this need. You may find our requirements and solution to be useful examples in your search. See the WA DSHS Geospatial Data Confidentiality Guidelines, section 6. Remote Geospatial Services for disposition and requirements.
We have participated in the development and operational maintenance of the Washington Master Addressing Services (WAMAS) system and are using it as our solution.
Cheers and good luck,
Check out Texas A&M University Georservices:
Texas A&M Geoservices Privacy & Security
Data Security Agreements & IRBsIf you are an academic or government researcher working on health or other secure data, you may need to do an Institutional Review Board (IRB) application to get your data geocoded. We have done this many times and to help researchers use our services. Contact us to help you through this process.
If you are an academic or government researcher working on health or other secure data, you may need to do an Institutional Review Board (IRB) application to get your data geocoded. We have done this many times and to help researchers use our services. Contact us to help you through this process.
ArcGIS Desktop and ArcGIS Server are on-prem software that can be used in a completely private and secure environment to comply with HIPAA requirements. Add StreetMap Premium for geocoding services with up to date data.
I've just published an executive brief on HIPAA compliant geocoding - on premise or in the cloud. See the paper here: HIPAA Compliant Geocoding in the Cloud | LinkedIn
As previously mentioned, the only way to be truly HIPPA compliant would be to build your own locator and deploy your geocoder on-premises behind your Organizational firewall.
Use the World Geocoding Service at your own risk. Although Esri does not store batch geocoding requests, sending customer data over the internet can break HIPPA compliance. Make sure to check your organization's data privacy requirements before sending customer data to any geocoder that's not behind your organizational firewall.
I think Victor has a valid point: if it were me, I'd get the zip code polygons for my area of interest and use them locally...
Este's post regarding our partner that provides an API service is great for those people who must use a web API service. Otherwise you may need an on-site ArcGIS software and data solution.
As Joe mentions, when address point data is not needed you may aggregate to geographic boundaries, like ZIP codes. ArcGIS Maps for Office is the easiest way to aggregate data in Excel to ZIP code boundaries and upload to ArcGIS Online.
You are smart to ask this question, since patient address data is considered PHI. Per the rules, the only part of an address that is not PHI are the first three digits of the ZIP code provided it contains more than 20,000 people.
There are a couple of different HIPAA-compliant geocoders. You can see a comparison of them in this article:
Most of the popular geocoders are not HIPAA compliant and will not sign a BAA. This includes Google Maps Platform, Bing Maps, HERE, Census Geocoder, and so forth. (A full list of the non-compliant geocoders is in the article above).
Retrieving data ...