Heroku HIPAA Compliance

时光取名叫无心 2021-02-19 15:26

Is it possible to run apps on Heroku that are HIPAA compliant? More specifically, I need two apps, one that stores member information and another that stores private health info.

4 Answers
  •  青春惊慌失措
    2021-02-19 15:52

    Heroku has announced their Shield accounts that will provide HIPAA compliance.

    From the link

     The Shield Private Dyno includes an encrypted ephemeral file system
     and restricts SSL termination from using TLS 1.0 which is considered 
     vulnerable. Shield Private Postgres further guarantees that data is 
     always encrypted in transit and at rest. Heroku also captures a high 
     volume of security monitoring events for Shield dynos and databases 
     which helps meet regulatory requirements without imposing any extra 
     burden on developers.
    

    That may or may not obviate the need for BAAs, MOUs, etc.
