SECURITY CENTERSECURITY CENTER
HIPAA
Being a subcontractor under the Health Insurance Portability and Accountability Act (HIPAA) entails assuming a specific role with distinct responsibilities and obligations regarding the handling and protection of Protected Health Information (PHI). HIPAA, a federal law enacted in 1996, primarily aims to protect the privacy and security of an individual's health information while facilitating the flow of health information needed to ensure high-quality health care and protect public health and well-being.
A subcontractor under HIPAA typically refers to a business associate of another business associate.
Xano would be considered a subcontractor under HIPAA when it provides services to a business associate or covered entity that involve the use or disclosure of Protected Health Information (PHI). This designation hinges on the nature of the services Xano offers and how these services interact with PHI.
The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information.
Xano HIPAA Compliance
The Health Insurance Portability and Accountability Act ("HIPAA") requires the protection and confidential handling of protected health information by covered entities. Xano was recently audited and meets all the criteria required for HIPAA compliance.
To add our HIPAA offering to your Xano plan, navigate to , select change plan, add HIPAA & BAA, and complete your checkout.
What ePHI needs to be protected?
Information protected by HIPAA typically includes:
- Names & birthdates
- Dates pertaining to a patient's
- birth
- death
- treatment schedule (illness and medical care)
- Contact information
- telephone number(s)
- physical addresses
- Social Security Numbers (SSI)
- Medical Record Numbers
- Photographs & digital images
- Fingerprints
- Voice recordings
Any other form of unique identification or account number(s).
Data Privacy
The Health Insurance Portability and Accountability Act ("HIPAA") requires the protection and confidential handling of protected health information by covered entities. Apart from having both HIPAA and ISO27001 compliance as a foundation, you are in complete control of how data is collected and stored on your Xano Instance giving you the ultimate flexibility around ensuring your users' data is confidentially and securely stored.
Helping you meet compliance obligations (BAA)
In accordance with HIPAA, Xano is prepared and able to enter into Business Associate Agreement (BAA) or Subcontractor's agreement once a HIPAA + BAA upgrade is added as a Scale1x (or higher) plan ($500/mo) or it comes standard with an Enterprise plan.
Subcontractor
Xano would formally be considered a HIPAA subcontractor when it enters into a Business Associate Agreement (BAA) with a business associate. A BAA is a legal document required under HIPAA that stipulates how a business associate or subcontractor will protect PHI in accordance with HIPAA guidelines. It outlines the permitted uses and disclosures of PHI by the subcontractor, the required safeguards to protect it, and the subcontractor's obligations in the event of a breach of PHI (please see DRAFT versions to the BAA & Subcontractor agreements below).
Business Associate Agreement (BAA) is a formal document that is required under the U.S. Health Insurance Portability and Accountability Act (HIPAA) when a covered entity, such as a healthcare provider, engages a business associate to perform services involving the use or disclosure of protected health information (PHI). The BAA ensures that the business associate will appropriately safeguard PHI, maintain confidentiality, and handle the data in compliance with HIPAA regulations.