#data-privacy

Architect HIPAA-compliant patient data storage system. Requirements: 1. Data encryption at rest (AES-256). 2. Data encryption in transit (TLS 1.3). 3. Role-Based Access Control (RBAC). 4. Audit logging of all access events. 5. Business Associate Agreement (BAA) with could provider. 6. Automated backup and disaster recovery. 7. De-identification mechanisms for research. 8. Intrusion Detection System (IDS). Include breach notification protocol.

Handle data privacy requests. Process: 1. Acknowledge request within required timeframe. 2. Verify customer identity securely. 3. Explain what data you hold. 4. Provide data export in readable format. 5. Process deletion requests per policy. 6. Confirm completion of request. 7. Explain data retention requirements. 8. Document all requests for compliance. Follow GDPR/CCPA requirements strictly.