Learn how we protect health information and support your organization's privacy goals.
The United States' Health Insurance Portability and Accountability Act (“HIPAA”) is a federal law that established national standards to protect a patient's protected health information (“PHI”) or electronic protected health information (“ePHI”) from being disclosed without the patient's consent or knowledge. HIPAA applies to both “Covered Entities” (e.g., healthcare providers, health plans, and healthcare clearinghouses) and “Business Associates,” who complete activities, at the Covered Entity's request, that involve the use or disclosure of PHI and/or ePHI. In the context of a cloud service provider, HIPAA enforces the HIPAA Security Rule, which aims to ensure the confidentiality, integrity, and availability of ePHI while allowing Covered Entities and Business Associates to adopt new technologies to improve the quality and efficiency of patient care.
The Company provides security, privacy, and risk management features intended to support customers with their internal HIPAA adherence and assessment efforts. The information in this section describes certain capabilities, tools, and transparency resources available through the Company’s services and is provided for informational purposes only. These features do not constitute a representation or guarantee of HIPAA adherence.
Customers are responsible for evaluating whether the services they deploy are configured, monitored, and governed in a manner appropriate for their compliance obligations. Customers may access additional information and supporting documentation to assist in their further evaluation of the following areas:
Customers are responsible for uploading ePHI exclusively to DigitalOcean's HIPAA Eligible products.
While DigitalOcean provides TLS for web communications and full disk encryption for workstations, customers are responsible for ensuring that ePHI is appropriately encrypted at rest and in transit within their specific applications.
DigitalOcean provides infrastructure in multiple regions; however, customers are responsible for implementing their own backup strategies to ensure the availability of copies of ePHI as the customer may require.
Customers are responsible for managing their own user accounts, permissions, and authentication settings for the applications they build on DigitalOcean.
DigitalOcean's independent HIPAA attestation report, which evaluates our information security program against HIPAA Security Rule and HITECH Breach Notification criteria, is available on our Security Reports & Certifications Center.
