We’re happy to announce that Appwrite fully complies with the Health Insurance Portability and Accountability Act (HIPAA), allowing developers who handle sensitive health data to trust Appwrite as their backend.
Commitment to data security
If you’re familiar with Appwrite, you will know that data security is a top priority. We offer out-of-the-box solutions to protect your applications, making your life much easier and your users safer. Announcing our HIPAA compliance is a step to make Appwrite accessible to even more industries.
Measures taken to comply
To attain HIPAA compliance, we’ve undergone audits and implemented measures to safeguard personal information, updating our policies, procedures, and infrastructure to meet the strict requirements of HIPAA regulations.
So what did we do to comply? We’ve set measures and controls to maintain security, availability, processing integrity, and confidentiality, including:
A strict data backup schedule.
An extended business continuity plan.
Data retention rights for individuals as outlined in our Privacy Policy.
Intrusion detection and penetration testing.
Encryption of data transmitted between Appwrite and users using transport layer security (TLS) and HTTP strict Transport Security, ensuring confidentiality both at rest and during transmission.
Access to environments containing customer data is strictly controlled, requiring authentication and authorization through multi-factor authentication (MFA).
Appwrite safeguards personal information to the same extent it protects its own, complying with relevant privacy laws and regulations in the jurisdictions where its services are offered.
Please note that while Appwrite Cloud serves as a HIPAA-compliant platform to handle data, it is the responsibility of developers to ensure that their application is also compliant with HIPAA regulations.
Looking for a HIPAA compliant backend provider? Or looking to replace Firebase? Appwrite can be your solution. Take a look at our documentation to learn more about our security.