HIPAA

The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information

Xano HIPAA Compliance

The Health Insurance Portability and Accountability Act (“HIPAA”) requires the protection and confidential handling of protected health information by covered entities. Xano was recently audited and meets all the criteria required for HIPAA compliance.

To add our HIPAA offering to your Xano plan, navigate to billing, select change plan, add HIPAA & BAA, and complete your checkout.

How Xano keeps data secure and Private

Data Security

All data stored within Xano is encrypted at rest. Transmission of data is done securely over SSL. Access to workspaces is limited to the team settings defined on the instance, which is governed by the owner of the instance. Additionally, all of Xano's servers are hosted on Google Cloud, which is fully HIPAA compliant.

HIPAA compliance can be added as an upgrade to the Scale plan and above for $500/mo and comes with a signed BAA with your entity. HIPAA compliance comes standard with any Enterprise Plan.

This upgrade migrates your server to a hardened location for processing, storing, or transmitting ePHI. Additional workspaces can be used for separating personally identifiable information from the main workspace, or a 3rd party vault server can be used instead.

What ePHI needs to be protected?

Information protected by HIPAA typically includes:

  • Names & birthdates

  • Dates pertaining to a patient’s

    • birth

    • death

    • treatment schedule (illness and medical care)

  • Contact information

    • telephone number(s)

    • physical addresses

    • email

  • Social Security Numbers (SSI)

  • Medical Record Numbers

  • Photographs & digital images

  • Fingerprints

  • Voice recordings

Any other form of unique identification or account number(s).

Data Privacy

The Health Insurance Portability and Accountability Act (“HIPAA”) requires the protection and confidential handling of protected health information by covered entities. Apart from having both HIPAA and ISO27001 compliance as a foundation, you are in complete control of how data is collected and stored on your Xano Instance giving you the ultimate flexibility around ensuring your users' data is confidentially and securely stored.

Helping you meet compliance obligations (BAA)

In accordance with HIPAA, Xano is prepared and able to enter into Business Associate Agreement, or BAA. HIPAA + BAA can be added as an upgrade to the Scale1x (or higher) plan for $500/mo and comes standard with Xano's Enterprise plan.

Letter of Attestation

Last updated