Is Metabase HIPAA compliant? Are there things one should look out for if working with a PHI containing database and Metabase? If Metabase cannot be HIPAA compliant, is it possible to import a Postgres View rather than the entire database?
Metabase is self-hosted software, and none of your data is sent anywhere. As far as I know, that should comply with HIPAA, but I’m not a lawyer and don’t know every single requirement in HIPAA.
Also read this: US HIPAA for self-hosted Metabase
Does that answer the question?
And yes, you can use a user with limited privileges, so Metabase only has access the data you want it to see.
My understanding is your server where Metabase is setup should maintain compliance. As Metabase is standalone it lives completely on the environment you set it up on. Unfortunately you have to add the entire database to allow access to views but you should be able to hide tables you do not want access to.
You don’t have to add the entire database. You just need to create a user account that only has access to the tables you require.
Yes, thank you very much!
Great! Thank you so much!