IonicDev/hipaa-healthcare

Ionic Machina Healthcare Demo

The Machina Healthcare Demo App is a simple web application that illustrates how distinct roles within a customer's application can be defined and used to restrict ePHI access in a HIPAA-compliant manner. The Demo App is based on a use case built around a hypothetical business scenario involving a patient, a physician and an insurance provider.
Read more in our HIPAA and Healthcare Use Case and our Quickstart Guide.
See content from the U.S. Department of Health and Human Services regarding Guidance on HIPAA & Cloud Computing.
See content from the Office of the National Coordinator for Health Information Technology (ONC) regarding Privacy, Security, and HIPAA.

Prerequisites

  • Node.js >= 10 is required.
  • A Machina account with administrator credentials.
    • You can create a Machina account by selecting Start for Free.
  • An AWS account with API key access (see next section: AWS Credentials).
  • Supported browsers: Chrome, Firefox, Safari, Opera.

AWS credentials

  1. Create an AWS account to store your app's encrypted data.
     • Create AWS account.
  2. Create an _Access Key_ for your AWS user.
     • Use this guide to get your AWS Security Credentials.


Configure and Run the Demo

  • Clone the Demo application:

    git clone https://github.com/IonicDev/hipaa-healthcare.git

  • Using the command line interface, copy the file '.env.example' under the name '.env':
    • on FreeBSD / Linux / Mac OS:

      cp .env.example .env

    • on Windows:

      copy .env.example .env

  • Fill in the Ionic and AWS values in the .env file. The following environment variables must be defined to run the server:

    | Variable Name             | Description  |
    | ------------------------- | ------------ |
    | IONIC_ENROLLMENT_ENDPOINT | URL of your Ionic Enrollment Server. Used for SAML assertion generation |
    | IONIC_TENANT_ID           | Your Ionic tenant ID |
    | IONIC_API_AUTH_TOKEN      | Your Ionic API Key Secret Token (for accessing Management API). Must include SCIM User and Group management scopes |
    | AWS_ACCESS_KEY_ID         | Your AWS Access Key ID. This is read by the `aws-sdk` to authenticate requests to DynamoDB |
    | AWS_SECRET_ACCESS_KEY     | Your AWS Access Secret Key. This is read by the `aws-sdk` to authenticate requests to DynamoDB |
    

    Details on creating and obtaining these values can be found in our quickstart guide.

  • Install dependencies:

    npm install

  • Run the setup script:

    npm run setup
    

    The setup script creates three groups in Machina Dashboard: Patients, Physicians and Insurers.
    The setup script also creates Machina Data Marking Values and Data Policies in Machina Dashboard.

    To learn more about groups, data markings and data policies, explore the quickstart guide.

    • Troubleshoot setup (if needed):

      Something went wrong: { UnrecognizedClientException: The security token included in the request is invalid.
          at Request.extractError (/Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/protocol/json.js:51:27)
          at Request.callListeners (/Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
          at Request.emit (/Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
          at Request.emit (/Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/request.js:683:14)
          at Request.transition (/Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/request.js:22:10)
          at AcceptorStateMachine.runTo (/Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/state_machine.js:14:12)
          at /Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/state_machine.js:26:10
          at Request.<anonymous> (/Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/request.js:38:9)
          at Request.<anonymous> (/Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/request.js:685:12)
          at Request.callListeners (/Users/myuser/hipaa-demo/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
      
      1. Verify AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set to the correct values for your AWS User.
        • on FreeBSD / Linux / Mac OS:

          hipaa-demo $ cat .env

        • on Windows:
          • cmd or powershell:

            hipaa-demo $ type .env

          • powershell:

            hipaa-demo $ cat .env
            
        content from .env file:
        ...
        AWS_ACCESS_KEY_ID=YOUR_ACCESSKEYID_HERE
        AWS_SECRET_ACCESS_KEY=YOUR_SECRETACCESSKEY_HERE
        ...
        
      2. Check whether AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY have been set in the terminal's environment. If so, verify they are set to the correct values for your AWS User.
        • on FreeBSD / Linux / Mac OS: update on the command line with the export command, or add the export commands to ~/.bash_profile.

          export AWS_ACCESS_KEY_ID=YOURACCESSKEYIDHERE
          export AWS_SECRET_ACCESS_KEY=YOURSECRETACCESSKEYHERE

        • on Windows: update on the command line with the set command, or add the variables to the user environment.

          set AWS_ACCESS_KEY_ID=YOURACCESSKEYIDHERE
          set AWS_SECRET_ACCESS_KEY=YOURSECRETACCESSKEYHERE
          
      3. Check whether the AWS command line configuration has been set. If so, verify AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set to the correct values for your AWS User. Update with the aws configure command if needed.

        aws configure
        AWS Access Key ID [****************OYHQ]: YOURACCESSKEYIDHERE
        AWS Secret Access Key [****************GXzW]: YOURSECRETACCESSKEYHERE
        Default region name [us-east-1]: YOURREGIONHERE
        Default output format [None]:
        

        For more on Amazon S3 AWS Regions, see AWS Service Endpoints.

  • Run the Demo with the following command:

    npm start
    
  • Browse to http://localhost:8080 to explore the Demo and see how the Machina Policy Engine can be used, via Machina keys and Data Policy logic, to grant data access to allowed users.
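
The troubleshooting steps above come down to checking that each required variable is present, is not still a placeholder, and has the same value in `.env` and in the terminal's environment. The following added example (not part of the repository) performs those checks and reports variable names only, never values; the placeholder pattern and all sample values are assumptions constructed for illustration.

```javascript
// Added example (not from the repository). Names come from the README's variable table.
const REQUIRED = ['IONIC_ENROLLMENT_ENDPOINT', 'IONIC_TENANT_ID', 'IONIC_API_AUTH_TOKEN',
  'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY'];

// Parse KEY=VALUE lines: skip blanks and # comments, strip one layer of quotes.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    let value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2];
    vars[line.slice(0, eq).trim()] = value;
  }
  return vars;
}

// Heuristic (assumption): empty, or YOUR...HERE as in the README's sample values.
const isPlaceholder = (v) => v === '' || /^YOUR.*HERE$/i.test(v);

// Returns [{ name, issue }]; values are never included, so the output is safe to share.
function checkEnv(envText, shellEnv = {}) {
  const fileVars = parseEnv(envText);
  const findings = [];
  for (const name of REQUIRED) {
    const inFile = fileVars[name];
    const inShell = shellEnv[name];
    if (inFile === undefined && inShell === undefined) {
      findings.push({ name, issue: 'missing' });
    } else if (isPlaceholder(inFile !== undefined ? inFile : inShell)) {
      findings.push({ name, issue: 'placeholder' });
    }
    if (inFile !== undefined && inShell !== undefined && inFile !== inShell) {
      findings.push({ name, issue: 'shell-differs-from-file' });
    }
  }
  return findings;
}

// Constructed sample input; none of these values are real.
const sampleEnv = [
  'IONIC_ENROLLMENT_ENDPOINT=https://enrollment.example.invalid/',
  'IONIC_TENANT_ID="tenant-0001"',
  'AWS_ACCESS_KEY_ID=YOUR_ACCESSKEYID_HERE',
  'AWS_SECRET_ACCESS_KEY=file-secret-constructed',
].join('\n');
const sampleShell = { AWS_SECRET_ACCESS_KEY: 'shell-secret-constructed' };
console.log(checkEnv(sampleEnv, sampleShell));
```

To use it against a real setup, pass the contents of `.env` as the first argument and `process.env` as the second.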

About

Health Insurance Portability and Accountability Act (HIPAA) demo
