Aptible PaaS logoDocs

How to achieve HIPAA compliance on Aptible

Learn how to achieve HIPAA compliance on Aptible, the leading platform for hosting HIPAA-compliant apps & databases


Aptible's story began with a focus on serving digital health companies. As a result, the Aptible platform was designed with HIPAA compliance in mind. It automates and enforces all the necessary infrastructure security and compliance controls, ensuring the safe storage and processing of HIPAA-protected health information and more.

This guide will cover the essential steps for achieving HIPAA compliance on Aptible.

HIPAA-Compliant Production Checklist

Prerequisites: An Aptible account on the Growth Plan or higher
  1. Provision a dedicated stack
    1. Dedicated stacks live on isolated infrastructure and are designed to support deploying resources with higher requirements— such as HIPAA. Aptible automates and enforces 100% of the necessary infrastructure security and compliance controls for HIPAA compliance. This includes but is not limited to:
      1. Network Segregation (see: stacks)
      2. Centralized IAM (see: access & permissions)
      3. Platform Activity Logging (see: activity)
      4. Automated Backups & Automated Backup Testing (see: database backups)
      5. Database Encryption at Rest (see: database encryption)
      6. End-to-end Encryption in Transit (see: database encryption)
      7. DDoS Protection (see: DDoS Protection)
      8. Automatic Container Recovery (see: container recovery)
      9. Intrusion Detection (see: HIDS)
      10. Host Hardening
      11. Secure Infrastructure Access, Development, and Testing Practices
      12. 24/7 Site Reliability and Incident Response
      13. Infrastructure Penetration Tested
  2. Execute a BAA with Aptible
    1. When you request your first dedicated stack, an Aptible team member will reach out to coordinate the execution of a Business Associate Agreement (BAA).

After these steps are taken, you are ready to process PHI! 🎉

Here are some optional steps you can take:

    1. Review the controls implemented for you, enhance your security posture by implementing additional controls, and share a detailed report with your customers.
  1. Show off your compliance with a Secured by Aptible HIPAA compliance badge
  2. Set up log retention
    1. Set up long-term log retention with the use of a log drain. All Aptible log drain integrations offer BAAs.

This document serves as a guide and does not replace professional legal advice. For detailed compliance questions, it is recommended to consult with legal experts or Aptible's support team.

How to achieve HIPAA compliance on Aptible