What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law that sets requirements for the privacy, security, and breach notification of protected health information (PHI).

HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses (“covered entities”) as well as their suppliers (“business associates”) who have access to PHI.

To be HIPAA compliant, an organization must implement administrative, physical, and technical safeguards to protect PHI—covering everything from data encryption to staff training, risk assessment, and incident response.

When using Exoscale, covered entities and business associates must ensure proper configuration, management, and controls for workloads involving PHI.

FAQ

Does HIPAA apply to cloud services?

Yes, HIPAA applies to any cloud provider that stores, processes, or transmits PHI on behalf of a covered entity or business associate. Such providers are considered business associates under HIPAA and must implement all required safeguards. Covered entities are required to sign a Business Associate Agreement (BAA) with any cloud provider handling PHI.

Exoscale

Contact our Compliance Team

Need information on HIPAA compliance, BAAs, or health data hosting? Contact our Compliance Team—we’re ready to support your regulatory, contractual, and security needs.