As part of our commitment to providing customers with a development platform that is secure and compliant by design, today Netlify is announcing our Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliant service offering for enterprise customers handling personal health data. This allows relevant companies to stay compliant with industry-specific regulations while leveraging our frontend cloud. Our HIPAA service offering uses the same advanced security measures offered in our core platform but it’s also undergone an additional audit to ensure compliance with the healthcare data regulation and is suitable for the transmission and processing of Personal Health Information (PHI).
What does HIPAA compliance on Netlify mean for your business?
HIPAA promotes the use of electronic health records while safeguarding the security and privacy of PHI. For healthcare providers and businesses handling PHI, compliance with HIPAA is not just a regulatory obligation but a crucial component of maintaining trust with patients and clients.
Netlify is considered a business associate for our healthcare customers, who must comply with HIPAA. With this announcement of HIPAA compliance, enterprise customers handling PHI can now execute a Business Associates Agreement (BAA) with Netlify.
Empower your development with secure architectures
Security in the cloud is a shared responsibility—one we don’t take lightly. To make it easier, we’ve created secure reference architectures to assist customers in developing applications that must meet regulatory or special data processing requirements in the healthcare space and beyond. You can learn more about our security offerings and how we safeguard your infrastructure here.
Advanced security measures for peace of mind
Our HIPAA service offering builds on the robust security measures already embedded in Netlify’s core platform. However, it has undergone an additional, rigorous audit to ensure full compliance with healthcare data regulations. Some of the key security features include:
- End-to-end encryption: Ensuring all customer data is encrypted both in transit and at rest.
- Vulnerability and patch management: Regular internal and third-party penetration testing, alongside ongoing patch management, to identify, mitigate, and address potential security risks.
- Access control: Strict control mechanisms to ensure that only authorized personnel can access sensitive data.
HIPAA compliance is the latest addition to our growing list of industry-standard certifications, including AICPA SOC 2 Type 2, ISO 27001, ISO 27018, and PCI DSS v4.0. Our security-first approach ensures that your web applications not only meet regulatory requirements but also maintain the highest standards of data protection.
Get started with HIPAA compliance on Netlify
We’re dedicated to providing the tools and support you need to deliver secure, compliant web applications at scale. If you’re ready to take advantage of our HIPAA-compliant service offering, our sales and solution engineering teams are here to help you get started.
If you want to do additional research on your own and learn more about our HIPAA-compliant service offering, visit our Trust Center, where you can explore the full range of compliance standards and security practices we adhere to.