HIPAA - Health Insurance Portability and Accountability Act

As organizations transition to the cloud, security and privacy are important considerations for customers. The healthcare industry is particularly concerned with safeguarding protected health information or “PHI” as many healthcare organizations are regulated by the US Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA  establishes the security and privacy requirements for storing, transmitting, using, and disclosing PHI. As a result, cloud providers that want to provide services to HIPAA-regulated customers must comply with various HIPAA-related obligations. 

Red Hat is pleased to announce that Red Hat is prepared to act as a business associate to service these specific Red Hat Online Service offerings. This enables these HIPAA-qualified services to be used by HIPAA-covered entities who are required to protect PHI, such as healthcare providers, healthcare insurance companies, and organizations associated with HIPAA covered entities. Customers who want to build healthcare applications on those Red Hat online services that are HIPAA qualified should contact your account representative to enter into the Red Hat Business Associate Agreement (BAA).

The following Red Hat Online Services are HIPAA Qualified. 

*These Red Hat HIPAA-Qualified Online Services are limited to “Customer Cloud Subscriptions” which means they are Red Hat Online Services where the customer separately purchases or procures the underlying hosting infrastructure services from a cloud provider.

Validated and supported compliance automation profiles are available for the versions of RHEL listed below. 

• Red Hat HIPAA Implementation Guide
• Red Hat Cloud Services are now HIPAA Ready

For information about Microsoft Azure Red Hat OpenShift (ARO), please see Azure compliance documentation