About the Coveo HIPAA Platform

The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation regarding data privacy and security provisions for safeguarding electronic Personal Health Information (ePHI). HIPAA security rules apply to healthcare organizations (Covered Entities) and their Business Associates. In this regard, Coveo acts as a Business Associate on behalf of customers who must comply with HIPAA, and with whom Coveo has signed a Business Associate Agreement (BAA).

To prove compliance, Coveo must successfully pass and maintain a biennial HIPAA Compliance Audit. This audit reaffirms Coveo’s commitment to protecting ePHI, as required by HIPAA. As such, Coveo offers a HIPAA-compliant environment for customers with whom it signs a BAA. Coveo passed its latest audit in 2021.

The HIPAA-compliant environment is built on a separate platform infrastructure that’s designed to ease compliance with HIPAA requirements. Moreover, the HIPAA-compliant environment offers more privacy, as it’s dedicated to Coveo’s HIPAA customers and protected by additional security measures and access control procedures. Access is limited according to the "Minimum Necessary" standard, and breach notification protocols are tailored to the HIPAA time frame.

Therefore, some features are disabled on the Coveo HIPAA Platform as they don’t comply with HIPAA requirements and could lead to unauthorized disclosure. The differences between the Coveo HIPAA Platform and the standard (non-HIPAA) platform are the following:

Point of difference Coveo HIPAA Coveo

Address

platformhipaa.cloud.coveo.com

platform.cloud.coveo.com

HIPAA-compliant hosting environment

check

x

Search result cache

x

check

What's next for me?