Health Records viability

Hi, I apologise for my beginner knowledge. As far as an application for Storj, is it possible to use Storj as a database to store medical records that only a creator or anyone they have approved to have access?

1 Like

Welcome to the forum @gittyswann !

Storj is not HIPAA compliant unless you are outside United States. Are those medical records of US citizens?

I am based in Australia so technically yes. I guess that would be a question of who uses it as if someone in America wanted to use it I would then be in trouble.
Thanks for updating me on HIPAA. Is this explained further by anyone?

You can ask any further doubts here and someone with the knowledge will respond.

Technically platform can help to achieve the goal. But regulatory requirements should be reached too, only technical readiness is not enough.
As @nerdatwork said, Tardigrade currently is not compliant with HIPAA.

Yes, I can see this being an issue for European and US users. I can’t see a way around this for now but if I restrict storage features to Australia I may be able to get away with it. It’s one of those situations where technolgy changes after laws are written.

This is the main reason of not compliance :slight_smile:
You cannot restrict the country for storage at the moment. The node selection is random (your uplink will request 110 random nodes from the satellite) and 80 fastest from them for your location will store most of your data, however, it’s not guarantee, that all parts will be in Australia.

1 Like

So just as an explanation of what I am trying to achieve, I am looking to make a social enterprise where patients can use electronic supports which they can then allow practicioners to see and give feedback. The more I think about this, the more I think this may be done at a transaction level rather than a file level. So this may be best using the multi-cast feature of Corda.
BUT, the evolution of this would involve a file management feature. If this feature (using Storj) was restricted to locations which allow overseas data storage (and any other privacy requirements) I can still develop this until such point that technology or laws change.

1 Like

I think you need to consult with your local regulators, because I’m not aware of any decentralized storage solutions compliant with HIPAA (or its analogue) at the moment.

HIPAA is American so I’ll be right if I stay within Australia. As long as the Australian rules allow.

Yes, I understand. What I mean by this is people residing in Australia and complying to Australian law may be able to use a feature that uses Storj for document storage of personal files but I would have to restrict this feature to people in Australia.