HIPAA Compliance Testing for EMR Software
Worldwide
We're a multi-location medical spa preparing to launch a custom EMR and patient portal. Before we store real patient health information (PHI), we want an independent, HIPAA-focused security assessment of the application by someone who has done this for healthcare software before.

The system (high level):
- React/TypeScript web app + a Node.js/Express API
- Managed PostgreSQL with row-level security
- Cloud/PaaS hosting; role-based staff login + a separate patient portal login
- Features: scheduling, patient charts, SMS/in-app messaging, billing

Scope of work:
1. HIPAA Security Rule gap assessment — administrative, physical, and technical safeguards vs. 45 CFR 164.308–312 (access control, audit controls, integrity, transmission security, encryption at rest & in transit).
2. Application penetration testing — authenticated and unauthenticated testing of the web app and API: broken access control (can one user reach another patient's PHI?), injection, authentication/session flaws, data exposure, insecure endpoints (OWASP-based).
3. Database & access review — row-level security policies, least-privilege access, and audit-log completeness for every PHI touchpoint.
4. Findings report — prioritized issues with severity, evidence, and concrete remediation steps, plus a plain-English summary of what's needed to be HIPAA-ready before go-live.

Deliverables:
- Written report (executive summary + technical detail + prioritized fixes)
- HIPAA Security Rule gap checklist
- Optional re-test after we remediate

Ideal candidate:
- Proven HIPAA security/compliance work on healthcare or PHI-handling apps
- Hands-on web app + API penetration testing
- Comfortable with cloud + PostgreSQL security and multi-tenant access controls
- Clear written reporting for a non-technical audience
- Bonus: can advise on Business Associate Agreements (BAAs) and HIPAA-eligible hosting
- Hourly: Less than 30 hrs/week
- Duration: 1-3 months
- Experience Level: Intermediate
- Hourly rate: $8.00 - $40.00
- Remote Job
- Project Type: Ongoing project
Activity on this job
- Proposals: 20 to 50
- Interviewing: 0
- Invites sent: 0
- Unanswered invites: 0
About the client
- United States, Charleston, 5:07 AM
- $14K total spent; 9 hires, 0 active
- 579 hours
- Finance & Accounting; Small company (2-9 people)