-
Notifications
You must be signed in to change notification settings - Fork 5.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding HIPAA docs, removing deprecated migration plan (#11729)
- Loading branch information
Showing
7 changed files
with
47 additions
and
63 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -70,9 +70,6 @@ | |
} | ||
} | ||
}, | ||
"workspaces-and-credits-faq": { | ||
"display": "children" | ||
}, | ||
"abuse": { | ||
"display": "children" | ||
}, | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
{ | ||
"index": "Privacy and Security", | ||
"best-practices": "Security best-practices", | ||
"hipaa": "HIPAA compliance", | ||
"pgp-key": "PGP key" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# HIPAA compliance | ||
|
||
Pipedream can [sign Business Associate Addendums (BAAs)](#signing-a-business-associate-addendum) for covered entities or business associates intending to pass PHI to Pipedream. We can also provide a third-party SOC 2 report detailing our HIPAA-related controls. | ||
|
||
## HIPAA-eligible services | ||
|
||
- [Workflows](/workflows) | ||
- [Event sources](/sources) | ||
- [Data stores](/data-stores) | ||
- [Destinations](/destinations) | ||
|
||
### Ineligible services | ||
|
||
Any service not listed in the [HIPAA-eligible services](#hipaa-eligible-services) section is not eligible for use with PHI under HIPAA. Please reach out to [Pipedream support](https://pipedream.com/support) if you have questions about a specific service. | ||
|
||
The following services are explicitly not eligible for use with PHI under HIPAA. | ||
|
||
- [v1 workflows](/migrate-from-v1) | ||
- [File stores](/file-stores) | ||
|
||
## Your obligations as a customer | ||
|
||
If you are a covered entity or business associate under HIPAA, you must ensure that [you have a BAA in place with Pipedream](#signing-a-business-associate-addendum) before passing PHI to Pipedream. | ||
|
||
You must also ensure that you are using Pipedream in a manner that complies with HIPAA. This includes: | ||
|
||
- You may only use [HIPAA-eligible services](#hipaa-eligible-services) to process or store PHI | ||
- You may not include PHI in Pipedream resource names, like the names of projects or workflows | ||
|
||
## Signing a Business Associate Addendum | ||
|
||
Pipedream is considered a Business Associate under HIPAA regulations. If you are a Covered Entity or Business Associate under HIPAA, you must have a Business Associate Agreement (BAA) in place with Pipedream before passing PHI to Pipedream. This agreement is an addendum to our standard terms, and outlines your obligations as a customer and Pipedream's obligations as a Business Associate under HIPAA. | ||
|
||
Please request a BAA by visiting [https://pipedream.com/support](https://pipedream.com/support). | ||
|
||
## Requesting information on HIPAA controls | ||
|
||
Please request compliance reports from [https://pipedream.com/support](https://pipedream.com/support). Pipedream can provide a SOC 2 Type II report covering Security controls, and a SOC 2 Type I report for Confidentiality and Availability. In 2025, Pipedream plans to include Confidentiality and Availability controls in our standard Type II audit. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters