Hi, I'm researching the feasibility of running a healthcare app on the AppEngine cloud. I've read through the AE terms of service and they don't say much about the actual security guidelines other than deferring to the boilerplate Google security policy. I have no doubt there are internal documents detailing the exact security guarantees provided by Google's infrastructure, but that information is not readily available to the public.
It's been a full year since the last time HIPAA was discussed in this group. Now that SSL support has been enabled, data transfer constraints can be met with ease. So, what's the story today with GAE and HIPAA compliance? Are the App Engine's data storage and transfer mechanisms compatible with the guidelines set out by HIPAA?
Google Apps documentation has quite a bit more security information, such as specifying annual SAS 70 Type II audits. I'm not familiar with this particular security audit, but some quick research seems to indicate that SAS 70 audit controls are mostly a superset of HIPAA guidelines. However, there are some aspects of HIPAA compliance that seem to be difficult to implement in a distributed database system, so any reassurances from the Google App Engine folks in this regard would be most appreciated.
Thanks!
Ken