About the Coveo Cloud V2 HIPAA Platform


The Health Insurance Portability and Accountability Act (HIPAA) is an American law regarding, among other healthcare-related issues, medical record and personal data privacy. HIPAA security rules apply to healthcare organizations and their business associates, such as cloud service providers like Coveo.

In June 2017, the Coveo Cloud platform successfully passed the HIPAA Compliance audit (see Coveo Cloud Platform Successfully Passes HIPAA Compliance Audit and SOC 2 Examination). This examination confirmed Coveo’s commitment to protect electronic personal health information (PHI) handled within its Cloud platform and ensured that the platform infrastructure is built to do so. Coveo Cloud platform administrators therefore only have limited access to the indexed content, which prevents potential privacy breaches. Moreover, the Coveo Cloud HIPAA platform is hosted in a HIPAA-compliant environment. This environment offers more privacy, i.e., it is dedicated to Coveo’s HIPAA customers, and protected by additional security measures and access control procedures.

A few non-HIPAA compliant features cannot be made accessible to the Coveo Cloud HIPAA platform users to ensure PHI cannot be exposed. The differences between the Coveo Cloud HIPAA platform and the regular (non-HIPAA) platform are the following:

Point of difference Coveo Cloud HIPAA Coveo Cloud
Address platformhipaa.cloud.coveo.com platform.cloud.coveo.com
HIPAA-compliant hosting environment
Log Browser feature
Search result cache

What’s Next?