HIPAA
The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information
Last updated
The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information
Last updated
The Health Insurance Portability and Accountability Act (“HIPAA”) requires the protection and confidential handling of protected health information by covered entities. Xano was recently audited and meets all the criteria required for HIPAA compliance.
To add our HIPAA offering to your Xano plan, navigate to billing, select change plan, add HIPAA & BAA, and complete your checkout.
All data stored within Xano is encrypted at rest. Transmission of data is done securely over SSL. Access to workspaces is limited to the team settings defined on the instance, which is governed by the owner of the instance. Additionally, all of Xano's servers are hosted on Google Cloud, which is fully HIPAA compliant.
HIPAA compliance can be added as an upgrade to the Scale plan and above for $500/mo and comes with a signed BAA with your entity. HIPAA compliance comes standard with any Enterprise Plan.
This upgrade migrates your server to a hardened location for processing, storing, or transmitting ePHI. Additional workspaces can be used for separating personally identifiable information from the main workspace, or a 3rd party vault server can be used instead.
What ePHI needs to be protected?
Information protected by HIPAA typically includes:
Names & birthdates
Dates pertaining to a patient’s
birth
death
treatment schedule (illness and medical care)
Contact information
telephone number(s)
physical addresses
Social Security Numbers (SSI)
Medical Record Numbers
Photographs & digital images
Fingerprints
Voice recordings
Any other form of unique identification or account number(s).
The Health Insurance Portability and Accountability Act (“HIPAA”) requires the protection and confidential handling of protected health information by covered entities. Apart from having both HIPAA and ISO27001 compliance as a foundation, you are in complete control of how data is collected and stored on your Xano Instance giving you the ultimate flexibility around ensuring your users' data is confidentially and securely stored.
In accordance with HIPAA, Xano is prepared and able to enter into Business Associate Agreement, or BAA. HIPAA + BAA can be added as an upgrade to the Scale1x (or higher) plan for $500/mo and comes standard with Xano's Enterprise plan.
