Skip to main content
Hosting & Infrastructure

HIPAA-Compliant Hosting

Hosting configured with the safeguards and a signed BAA needed to store or transmit PHI.

HIPAA-compliant hosting is web or application hosting configured to meet the requirements of the HIPAA Security Rule, so that protected health information (PHI) can be stored, processed, or transmitted safely.

In practice it combines a signed Business Associate Agreement (BAA), encryption at rest and in transit, access controls, audit logging, and backup and disaster recovery. Hosting alone doesn't make an application compliant, but it is a required foundation.