Trust & Security

DigitalOcean and HIPAA: Enabling Healthcare Innovation on our Platform

Manager, Trust and Governance

Posted: July 1, 20242 min read

DigitalOcean and HIPAA: Enabling Healthcare Innovation on our Platform

DigitalOcean is excited to announce that select DigitalOcean products can now be used to host electronic Protected Health Information (ePHI)! This milestone allows Covered Entities and Business Associates, such as telehealth providers, healthcare software applications, and HealthTech organizations to build and scale sensitive workloads regulated under the U.S. Health Insurance Portability and Accountability Act (HIPAA) on the Developer Cloud leveraging select DigitalOcean covered products.

Covered Products

DigitalOcean products that can now be used to process HIPAA workloads are as follows:

  • Droplets
  • Volumes Block Storage
  • Volumes Block Storage Snapshots
  • Spaces Object Storage
  • Custom Images
  • Virtual Private Cloud
  • Firewalls
  • Reserved IPs
  • Droplet Backups
  • Kubernetes
  • Container Registry
  • Load Balancers as a Service (LBaaS)

How we got here

We understand how important it is to our customers to be able to host HIPAA workloads on select DigitalOcean services, so DigitalOcean conducted a rigorous review of our systems and services in accordance with HIPAA’s requirements to allow customers to host electronic Protected Health Information (ePHI) on covered products.

DigitalOcean maintains SOC 2, SOC 3, CSA STAR Level 1, and APEC PRP certifications. We also comply with all applicable laws. With a robust set of common controls that cover asset management, configuration management, data management, identity and access management, systems monitoring, network operations, risk management, and several more, we help to better protect customer data. These controls extend to customers running HIPAA workloads on covered DigitalOcean products. See all of DigitalOcean’s certifications >

Processing HIPAA workloads on DigitalOcean

Customers who wish to process HIPAA workloads on covered products must review and accept DigitalOcean’s Business Associate Agreement (BAA). Existing customers can request a BAA through their Customer Success representative while new customers can request a BAA by contacting sales.

DigitalOcean has published HIPAA Architecture Guidance to provide best practices to customers on how to use the covered product suite. To receive a copy of the HIPAA Architecture Guidance, please chat with an expert.

Have additional questions? Check out our new HIPAA information site for more information, frequently asked questions, and additional resources.

Share

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!Sign up

Related Articles

Regresshion vulnerability: Recommended actions and steps we've taken
trust-security

Regresshion vulnerability: Recommended actions and steps we've taken

July 2, 20247 min read

Announcing the Public Launch of DigitalOcean’s Paid Bug Bounty Program
trust-security

Announcing the Public Launch of DigitalOcean’s Paid Bug Bounty Program

Senior Manager, Product Security

April 5, 20244 min read

Fine-Grained RBAC For GitHub Action Workflows With GitHub OIDC and HashiCorp Vault
trust-security

Fine-Grained RBAC For GitHub Action Workflows With GitHub OIDC and HashiCorp Vault

Senior Manager, Product Security

February 3, 202328 min read