About the Coveo HIPAA Platform

The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation concerning data privacy and security provisions for safeguarding electronic Personal Health Information (ePHI). HIPAA security rules apply to healthcare organizations (Covered Entities) and their Business Associates. In this regard, Coveo acts as a Business Associate on behalf of customers who must comply with HIPAA, and with whom Coveo has signed a Business Associate Agreement (BAA).

To demonstrate compliance, the Coveo Cloud Platform has successfully passed and maintains an annual HIPAA Compliance Audit. This audit reaffirms Coveo’s commitment to protecting ePHI, as required by HIPAA. As such, Coveo offers a HIPAA-compliant environment for customers with whom it signs a BAA.

The HIPAA-compliant environment is built on a separate platform infrastructure that is designed to facilitate compliance with HIPAA requirements. Moreover, the HIPAA-compliant environment offers more privacy, as it is dedicated to Coveo’s HIPAA customers and protected by additional security measures and access control procedures. Access is limited according to the “Minimum Necessary” standard, and breach notification protocols are tailored to the HIPAA timeframe.

Therefore, some features are disabled on the Coveo Cloud HIPAA platform as they do not comply with HIPAA requirements and could lead to unauthorized disclosure. The differences between the Coveo Cloud HIPAA platform and the standard (non-HIPAA) platform are the following:

| Point of difference | Coveo Cloud HIPAA | Coveo Cloud |
| --- | --- | --- |
| Address | platformhipaa.cloud.coveo.com | platform.cloud.coveo.com |
| HIPAA-compliant hosting environment | | |
| Log Browser feature | | |
| Search result cache | | |