How does OutSystems support HIPAA compliance?

The United States Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides data privacy and security provisions for safeguarding medical information. A HIPAA-compliant system or application ensures security and privacy of any electronic protected health information (ePHI) that is stored, transmitted, or otherwise processed by covered entities and their business associates. OutSystems supports HIPAA compliance in two different ways.

Self-Managed Infrastructure

Where customers manage their own infrastructure, whether that be in a public or private cloud, or their own data center, they are responsible for ensuring HIPAA compliance. The OutSystems platform includes a number of capabilities to reduce the complexity of implementing and maintaining HIPAA compliance. Refer to our Checklist of HIPAA Safeguards.

OutSystems Cloud with Sentry

Customers that subscribe to the OutSystems Cloud with the Sentry add-on have the ability to create HIPAA-compliant apps. OutSystems provides a Business Associate Agreement (BAA) to its customers certifying that their provisioned cloud infrastructure is compliant with HIPAA requirements. OutSystems customers can then build, deploy, and use business applications that work with Protected Health Information (PHI).

While the OutSystems HIPAA offering removes much of the complexity of implementing and maintaining HIPAA compliance, it follows a shared responsibility model. Customers are responsible for the design and administration of their specific business applications to meet HIPAA compliance requirements.