HIPAA Compliance


What is HIPAA?

The United States Health Insurance Portability and Accountability Act of 1996 (HIPAA) was intended to drive adoption of electronic health records, improve healthcare through information sharing, and regulate the security and privacy of Protected Health Information (PHI).

Protected Health Information may include data about patients, billing, clinical care, and lab results. Under HIPAA, privacy rules apply to “covered entities” such as hospitals, insurance providers, and research facilities, as well as to “business associates”, the people and companies that provide services for and on behalf of those covered entities.

A HIPAA-compliant system or application ensures security and privacy of any PHI that is stored, transmitted, or otherwise processed by covered entities and their business associates.

How does Appian Cloud comply with HIPAA?

Appian provides a Business Associate Agreement (BAA) to its customers certifying that their Appian Cloud instances are compliant with HIPAA requirements. Appian Cloud customers can then build, deploy, and use business applications that process Protected Health Information.

The Appian Cloud Platform enables HIPAA compliance in the following ways:
  • Dedicated Cloud Instances: Each customer’s data and applications are logically isolated from other customer instances.
  • Encryption: All PHI and other data are encrypted both at rest and in transit.
  • Disaster Recovery: HIPAA requires all covered entities to implement and document plans to protect data (which is often a complex and costly process). Appian Cloud provides a Disaster Recovery plan ensuring minimal-to-zero loss of PHI and other sensitive data.
  • Access Controls: Appian Cloud enforces least-privilege access controls for content and processes. In addition, Appian Cloud HIPAA instances provide enhanced access control checks and approvals before Appian Cloud’s support team can access an environment.
  • Auditing: Access control changes, data access, and data changes are logged in detail for accountability and non-repudiation.

While Appian Cloud’s HIPAA offering removes much of the complexity of implementing and maintaining HIPAA compliance, customers are still responsible for the design and administration of their specific business applications to comply with HIPAA.

Appian Cloud customers who are interested in HIPAA compliance should contact their Appian Account Executive for more information or to execute a BAA.