• Overview
    Key features
    • Observability
    • Auto-scaling
    • Multiframework
    • Security
    Frameworks
    • Django
    • Next.js
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    Languages
    • PHP
    • Python
    • Node.js
    • Ruby
    • Java
    • Go
  • Industries
    • Consumer Goods
    • Media/Entertainment
    • Higher Education
    • Government
    • Ecommerce
  • Pricing
  • Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Login
  • Watch a demo
  • Free trial
Meet Upsun. The new, self-service, fully managed PaaS, powered by Platform.sh.Try it now
Blog

Announcing HIPAA-Compliant Cloud Hosting by Platform.sh

featureshipaa
12 July, 2022
Joey Stanford
Joey Stanford
VP, Data Protection & Compliance

If you’ve worked with us before, you know we take security seriously. We take measures necessary to safeguard your sensitive and personally identifiable information and comply with a variety of compliance standards. These include maintaining best security practices and aligning with regulations such as SOC-2, PCI-DSS, and GDPR.

We have also ensured our environments and file systems are encrypted and read-only, and we continuously maintain our library of container images for each version of each service you want to run. Not only that, Platform.sh offers around-the-clock, follow-the-sun support staffed by teams of actual experts.

Now, we’re happy to introduce HIPAA to our list of compliance standards for U.S.-based projects. Why are we introducing HIPAA compliance now? HIPAA, or the Health Insurance Portability and Accountability Act, started as a way to protect personally identifiable health information, or Protected Health Information, from fraud or theft. That type of information includes an individual’s demographic data, health status, medical history, payment for health care, or any information that’s created, received, stored, or transmitted by a HIPAA-covered entity.

Why consider HIPAA cloud compliance now?

The main catalyst was requests from clients. We have had a high demand from existing customers to offer HIPAA compliance for large sites, and as the HIPAA-compliant environment in the U.S. is intensifying it made sense to meet the demand.

What does HIPAA compliance mean for my organization?

Now that Platform.sh is HIPAA-compliant, we are capable of better serving the needs of healthcare providers and any company or organization that deals with protected health information.

If you’ve been hesitant to start a partnership with us before, you can now rest easy knowing that our compliance with HIPAA regulations, along with our suite of security certifications, can help ensure the protection of your customers’ information against any reasonably anticipated threats.

Platform.sh approach to HIPAA-compliant cloud hosting

Platform.sh delivers HIPAA compliance by offering grid and dedicated project clusters on Google Cloud Platform’s HIPAA-secured infrastructure. We verify with third-party auditors that our offerings are compliant, and we follow best practices and OEM instructions for configurations.

Further, we provision each HIPAA-compliant project with a CDN and web application firewall (WAF) for improved security, and we commit to an Enterprise ticket response-time SLA.

As a part of our independent third-party audits, we have been audited on overlapping HIPAA controls. Independent third-party audits provide an external examination of the controls we have added to our infrastructure and operations and ensure our commitment to complying with information security standards and industry best practices.

Please note that there is no certification recognized by the U.S. Department of Health & Human Services for HIPAA compliance. Thus, complying with HIPAA is a shared responsibility between the customer and Platform.sh.

For more information, please visit our HIPAA security documentation. For more general security information, please visit our Trust Center.

Get the latest Platform.sh news and resources
Subscribe

Related Content

CTO insights: lower costs, maintain high quality apps

CTO insights: lower costs, maintain high quality apps

Company
AboutSecurity and complianceTrust CenterCareersPressContact us
Thank you for subscribing!
  •  
Field required
Leader Winter 2023
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceAcceptable Use PolicyManage your cookie preferencesReport a security issue
© 2024 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺