Is Heroku HIPAA Compliant
Heroku is a platform-as-a-service (PaaS) offering. The service is offered as a developer platform for quickly developing applications without much DevOps configuration and database management.
Heroku provides specific add-ons for configuring an environment in a HIPAA compliant manner. For several thousand dollars a month, Heroku offers a dedicated network with specific encryption and logging standards. Unfortunately, it is your organization’s responsibility to ensure that all other required physical, technical, and administrative safeguards and policies have been implemented to maintain HIPAA compliance.
Most cloud services, including Heroku, provide HIPAA compliant services on a “Shared Responsibility” model. Learn more about the compliance requirements shared between your organization and your cloud provider.
Building HIPAA Compliant Applications
Organizations have several options for building HIPAA compliant services. Teams may turn to Amazon Web Services (AWS) for solutions to rapidly build compliant applications.
- Serverless offerings such as AWS Lambda can be configured for HIPAA compliance.
- Hosted database services such as Amazon RDS may be configured for HIPAA compliance. With RDS, teams can build HIPAA compliant databases using MySQL, PostgreSQL, MariaDB, Oracle, and more.
These services are good alternatives to Firebase, and allow teams to quickly build applications without worrying about much cloud configuration and DevOps administration.
Source:
https://www.dashsdk.com/is-heroku-hipaa-compliant/