About the Coveo HIPAA Platform

This is for: System Administrator

The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation regarding data privacy and security provisions for safeguarding electronic Personal Health Information (ePHI). HIPAA security rules apply to healthcare organizations (Covered Entities) and their Business Associates. In this regard, Coveo acts as a Business Associate on behalf of customers who must comply with HIPAA, and with whom Coveo has signed a Business Associate Agreement (BAA).

To prove compliance, Coveo must successfully pass and maintain a biennial HIPAA Compliance Audit. This audit reaffirms Coveo’s commitment to protecting ePHI, as required by HIPAA. As such, Coveo offers a HIPAA-compliant environment for customers with whom it signs a BAA. Coveo passed its latest audit in 2023.

The HIPAA-compliant environment is built on a separate platform infrastructure that’s designed to ease compliance with HIPAA requirements. Moreover, the HIPAA-compliant environment offers more privacy, as it’s dedicated to Coveo’s HIPAA customers and protected by additional security measures and access control procedures. Access is limited according to the "Minimum Necessary" standard, and breach notification protocols are tailored to the HIPAA time frame.

Therefore, some features may be disabled on the Coveo HIPAA Platform if they don’t comply with HIPAA requirements. The differences between the Coveo HIPAA Platform and the standard (non-HIPAA) platform are the following:

| Point of difference | Coveo HIPAA | Coveo |
| --- | --- | --- |
| HIPAA-compliant hosting environment | | |
| Audit logs retention | 6 years | 1 year |