HIPAA Compliance Testing for EMR Software

Posted 3 days ago

Worldwide

Summary

We're a multi-location medical spa preparing to launch a custom EMR and patient portal. Before we store real patient health information (PHI), we want an independent, HIPAA-focused security assessment of the application by someone who has done this for healthcare software before.

The system (high level):
- React/TypeScript web app + a Node.js/Express API
- Managed PostgreSQL with row-level security
- Cloud/PaaS hosting; role-based staff login + a separate patient portal login
- Features: scheduling, patient charts, SMS/in-app messaging, billing

Scope of work:
1. HIPAA Security Rule gap assessment — administrative, physical, and technical safeguards vs. 45 CFR 164.308–312 (access control, audit controls, integrity, transmission security, encryption at rest & in transit).
2. Application penetration testing — authenticated and unauthenticated testing of the web app and API: broken access control (can one user reach another patient's PHI?), injection, authentication/session flaws, data exposure, insecure endpoints (OWASP-based).
3. Database & access review — row-level security policies, least-privilege access, and audit-log completeness for every PHI touchpoint.
4. Findings report — prioritized issues with severity, evidence, and concrete remediation steps, plus a plain-English summary of what's needed to be HIPAA-ready before go-live.

Deliverables:
- Written report (executive summary + technical detail + prioritized fixes)
- HIPAA Security Rule gap checklist
- Optional re-test after we remediate

Ideal candidate:
- Proven HIPAA security/compliance work on healthcare or PHI-handling apps
- Hands-on web app + API penetration testing
- Comfortable with cloud + PostgreSQL security and multi-tenant access controls
- Clear written reporting for a non-technical audience
- Bonus: can advise on Business Associate Agreements (BAAs) and HIPAA-eligible hosting

  • Less than 30 hrs/week
    Hourly
  • 1-3 months
    Duration
  • Intermediate
    Experience Level
  • $8.00 - $40.00
    Hourly
  • Remote Job
  • Ongoing project
    Project Type
Skills and Expertise
Mandatory skills
Penetration Testing
HIPAA
Activity on this job
  • Proposals: 20 to 50
  • Interviewing: 0
  • Invites sent: 0
  • Unanswered invites: 0
About the client
Member since Apr 15, 2020
  • United States
    Charleston
  • $14K total spent
    9 hires, 0 active
  • 579 hours
  • Finance & Accounting
    Small company (2-9 people)
