About the Coveo HIPAA Platform
The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation concerning data privacy and security provisions for safeguarding electronic Personal Health Information (ePHI). HIPAA security rules apply to healthcare organizations (Covered Entities) and their Business Associates. In this regard, Coveo acts as a Business Associate on behalf of customers who must comply with HIPAA, and with whom Coveo has signed a Business Associate Agreement (BAA).
To demonstrate compliance, the Coveo Platform has successfully passed and maintains a biennial HIPAA Compliance Audit, the latest in 2019. This audit reaffirms Coveo’s commitment to protecting ePHI, as required by HIPAA. As such, Coveo offers a HIPAA-compliant environment for customers with whom it signs a BAA.
The HIPAA-compliant environment is built on a separate platform infrastructure that’s designed to ease compliance with HIPAA requirements. Moreover, the HIPAA-compliant environment offers more privacy, as it’s dedicated to Coveo’s HIPAA customers and protected by additional security measures and access control procedures. Access is limited according to the “Minimum Necessary” standard, and breach notification protocols are tailored to the HIPAA time frame.
Therefore, some features are disabled on the Coveo HIPAA Platform as they don’t comply with HIPAA requirements and could lead to unauthorized disclosure. The differences between the Coveo HIPAA Platform and the standard (non-HIPAA) platform are the following:
|Point of difference||Coveo Cloud HIPAA||Coveo Cloud|
|HIPAA-compliant hosting environment|
|Search result cache|