What is HIPAA?

The United States Health Insurance Portability and Accountability Act of 1996 (HIPAA) was intended to drive adoption of electronic health records, improve healthcare through information sharing, and regulate the security and privacy of Protected Health Information (PHI).

Protected Health Information may include data about patients, billing, clinical care, and lab results. Under HIPAA, privacy laws apply to “covered entities,” including hospitals, insurance providers, and research facilities, as well as to “business associates” — people and companies who provide services for and on behalf of those covered entities.

A HIPAA-compliant system or application ensures security and privacy of any PHI that is stored, transmitted, or otherwise processed by covered entities and their business associates.

How does Appian Cloud comply with HIPAA?

Appian provides a Business Associate Agreement (BAA) to its customers certifying that their Appian Cloud instances are compliant with HIPAA requirements. Appian Cloud customers can then build, deploy, and use business applications that utilize Protected Health Information.

HIPAA Compliance with the Appian Cloud is Fast and Simple

  • Dedicated Cloud Instances
    Each customer’s data and applications are logically isolated from other customer instances.
  • Encryption
    All PHI and other data are encrypted both at rest and in transit.
  • Disaster Recovery
    HIPAA requires all covered entities to implement and document plans to protect data (which is often a complex and costly process). Appian Cloud provides a Disaster Recovery plan ensuring minimal-to-zero loss of PHI and other sensitive data.
  • Access Controls
    Appian Cloud enforces least-privilege access controls for content and processes. In addition, Appian Cloud HIPAA instances provide enhanced access control checks and approvals before Appian Cloud’s support team can access an environment.
  • Auditing
    Access control changes, data access, and data changes are logged in detail for accountability and non-repudiation.

NOTE: While Appian Cloud’s HIPAA offering removes much of the complexity of implementing and maintaining HIPAA compliance, customers are still responsible for the design and administration of their specific business applications to comply with HIPAA.

Interested in HIPAA Compliance?

Appian Cloud customers interested in HIPAA compliance should contact their Account Executive for more information or to execute a BAA.