How to achieve HIPAA compliance on Aptible
Learn how to achieve HIPAA compliance on Aptible, the leading platform for hosting HIPAA-compliant apps & databases
Overview
Aptible’s story began with a focus on serving digital health companies. As a result, the Aptible platform was designed with HIPAA compliance in mind. It automates and enforces all the necessary infrastructure security and compliance controls, ensuring the safe storage and processing of HIPAA-protected health information and more.
This guide will cover the essential steps for achieving HIPAA compliance on Aptible.
HIPAA-Compliant Production Checklist
Prerequisites: An Aptible account on the Growth Plan or higher

- Provision a dedicated stack
  - Dedicated stacks live on isolated infrastructure and are designed to support deploying resources with higher requirements, such as HIPAA. Aptible automates and enforces 100% of the necessary infrastructure security and compliance controls for HIPAA compliance. This includes but is not limited to:
    - Network Segregation (see: stacks)
    - Platform Activity Logging (see: activity)
    - Automated Backups & Automated Backup Testing (see: database backups)
    - Database Encryption at Rest (see: database encryption)
    - End-to-end Encryption in Transit (see: database encryption)
    - DDoS Protection (see: DDoS Protection)
    - Automatic Container Recovery (see: container recovery)
    - Intrusion Detection (see: HIDS)
    - Host Hardening
    - Secure Infrastructure Access, Development, and Testing Practices
    - 24/7 Site Reliability and Incident Response
    - Infrastructure Penetration Tested
- Execute a BAA with Aptible
  - When you request your first dedicated stack, an Aptible team member will reach out to coordinate the execution of a Business Associate Agreement (BAA).
After these steps are taken, you are ready to process PHI! 🎉
Here are some optional steps you can take:

- Review the controls implemented for you, enhance your security posture by implementing additional controls, and share a detailed report with your customers.
- Show off your compliance with a Secured by Aptible HIPAA compliance badge.
- Set up log retention
  - Set up long-term log retention with the use of a log drain. All Aptible log drain integrations offer BAAs.
This document serves as a guide and does not replace professional legal advice. For detailed compliance questions, it is recommended to consult with legal experts or Aptible’s support team.