jeff_catch
New Member

Configure/Secure Power Pages for PHI and Medical data

I am looking to build a Power Pages site that contains embedded Power BI reports which contain PHI.  Is Power Pages able to legally and securely do this?

1 ACCEPTED SOLUTION

hugobernier
Administrator

You may want to take a look at this article, which shows how to embed a report in a secure portal or website like Power Pages.

 

As for whether it is "legally and securely able to do this", you'll have to make sure your entire configuration is secure, and consider using row-level and object-level security, use a secure embedded code, secure your site, and make sure that your data source is secure, that you have established proper access controls and that it does not contain unnecessary PII or PHI for which you have no valid business reason for storing (a.k.a. the "we keep everything forever" retention policy 😉). You also have to consider whether your organization's internal processes are in compliance.

 

Ultimately, you have to evaluate the system according to your organization's security standards; don't let anybody else tell you whether it is secure enough for your needs or not. But I'm sure you already know that!

 

For more information, take a look at the Health Insurance Portability and Accountability Act & Health Information Technology for Economic and... compliance offerings documentation.

 

I hope this helps?!


jeff_catch
New Member

Thanks Hugo,

This is very useful.  I appreciate the response.

Jeff
