Xano Documentation
Searchโ€ฆ
๐Ÿ’ก
Start here
โ˜๏ธ Your Xano Account
๐Ÿ’ฒ
Special Discount Pricing
HIPAA
The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information

Xano HIPAA Compliance

The Health Insurance Portability and Accountability Act (โ€œHIPAAโ€) requires the protection and confidential handling of protected health information by covered entities. Xano was recently audited and meets all the criteria required for HIPAA compliance.

How Xano keeps data secure and Private

Data Security

All data stored within Xano is encrypted at rest. Transmission of data is done securely over SSL. Access to workspaces is limited to the team settings defined on the instance, which is governed by the owner of the instance. Additionally, all of Xano's servers are hosted on Google Cloud which is fully HIPAA compliant.
To be compliant, you must be on an Enterprise Plan which provides them with a dedicated instance for processing, storing, or transmitting ePHI. Additional workspaces can be used for separating personally identifiable information from the main workspace, or a 3rd party vault server can be used instead.
What ePHI needs to be protected?
Information protected by HIPAA typically includes:
  • Names & birthdates
  • Dates pertaining to a patientโ€™s
    • birth
    • death
    • treatment schedule (illness and medical care)
  • Contact information
    • telephone number(s)
    • physical addresses
    • email
  • Social Security Numbers (SSI)
  • Medical Record Numbers
  • Photographs & digital images
  • Fingerprints
  • Voice recordings
Any other form of unique identification or account number(s).

Data Privacy

The Health Insurance Portability and Accountability Act (โ€œHIPAAโ€) requires the protection and confidential handling of protected health information by covered entities. Apart from having both HIPAA and ISO27001 compliance as a foundation, you are in complete control of how data is collected and stored on your Xano Instance giving you the ultimate flexibility around ensuring your users' data is confidentially and securely stored.

Helping you meet compliance obligations (BAA)

In accordance with HIPAA, Xano is prepared and able to enter into Business Associate Agreement, or BAA. You must have an Enterprise plan to qualify for a BAA.
โ€‹
Last modified 24d ago