Tags: mongodb, security, hipaa, database

How do I make my application using Mongodb and nodejs HIPAA compliant?


I am writing an application that could potentially be used by doctors to keep notes about patients (my app is not targeted at doctors, but other professions don't need such strict rules).

My app is written in nodejs, and only the backend can access the database, using an authenticated user account and following all common security practices such as firewall rules, etc.

I read about HIPAA compliance, but most of it doesn't apply because no user has direct access to the database unless the request comes through the backend API, for which of course you need to authenticate against my app over SSL.

How can I be confident that doctors can use my app? Is there any authentication test/certificate etc?
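The question relies on two controls at the database boundary: the backend authenticates with its own account and talks to MongoDB over TLS. The following is an added example, not code from the question or from the linked MongoDB post: a pre-flight check for the Node.js `mongodb` driver's connection settings that flags the configurations a HIPAA reviewer would reject (cleartext transport, disabled certificate validation, missing credentials, an application account bound to the `admin` database). Option names are the official connection-string options; `auditConnectionConfig` and both sample URIs are constructed for this example.

```javascript
// Added example: audit a MongoDB connection URI plus driver options object
// for the baseline controls the question describes (TLS + authentication).
// `auditConnectionConfig`, WEAK_URI and HARDENED_URI are constructed here;
// the option names are the official MongoDB connection-string options.

const REQUIRED_AUTH_MECHANISM = 'SCRAM-SHA-256';

// Returns a list of human-readable findings; an empty list means the
// configuration meets the baseline checked here.
function auditConnectionConfig(uri, options = {}) {
  const findings = [];
  const query = new URLSearchParams(uri.split('?')[1] || '');
  const opt = (name) => options[name] ?? query.get(name); // driver options win over URI
  const srv = uri.startsWith('mongodb+srv://');

  // 1. Transport encryption: mongodb+srv enables TLS by default; plain
  //    mongodb:// must request it explicitly, and nothing may weaken it.
  const tls = String(opt('tls') ?? opt('ssl') ?? srv);
  if (tls !== 'true') findings.push('TLS is not enabled: PHI would cross the network in cleartext');
  for (const name of ['tlsAllowInvalidCertificates', 'tlsAllowInvalidHostnames', 'tlsInsecure']) {
    if (String(opt(name)) === 'true') findings.push(`${name} defeats server certificate validation`);
  }

  // 2. Authentication: credentials must be present and use SCRAM-SHA-256;
  //    an application account should not live in the admin database
  //    (least privilege: a dedicated user and role on its own database).
  const authority = uri.replace(/^mongodb(\+srv)?:\/\//, '').split('/')[0];
  const hasCreds = authority.includes('@') || Boolean(options.auth?.username);
  if (!hasCreds) findings.push('no credentials: the backend would connect unauthenticated');
  if (String(opt('authMechanism') ?? REQUIRED_AUTH_MECHANISM) !== REQUIRED_AUTH_MECHANISM) {
    findings.push(`authMechanism should be ${REQUIRED_AUTH_MECHANISM}`);
  }
  if (hasCreds && (opt('authSource') ?? '') === 'admin') {
    findings.push('application account authenticates against admin; use a dedicated database user/role');
  }
  return findings;
}

// Constructed sample settings: a typical development URI and a hardened one.
const WEAK_URI = 'mongodb://localhost:27017/patients?tlsAllowInvalidCertificates=true';
const HARDENED_URI =
  'mongodb://app_notes:%3Csecret%3E@db.internal.example:27017/patients' +
  '?tls=true&authSource=patients&authMechanism=SCRAM-SHA-256';

console.log('weak:', auditConnectionConfig(WEAK_URI));         // three findings
console.log('hardened:', auditConnectionConfig(HARDENED_URI)); // []
```

Run the check once at backend start-up and refuse to serve requests if it returns any findings, so a misconfigured deployment fails closed instead of silently handling patient notes over an unauthenticated or cleartext connection.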


Solution

  • The mongodb website has a great example of the HIPAA compliance standard; I think the following will help you: https://www.mongodb.com/blog/post/making-hipaa-compliant-applications-mongodb