For organizations in healthcare and related fields subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), MongoDB Cloud is HIPAA-ready and enables covered entities and their business associates to use a secure cloud database environment to process, maintain, and store protected health information (PHI).
HIPAA is United States legislation that provides data privacy and security provisions for safeguarding medical information. Specifically, HIPAA requires compliance with the following:
Yes. MongoDB has undertaken an Independent Practitioner's Report assessing its compliance with the requirements of the Health Insurance Portability and Accountability Act ("HIPAA") Security Standards for the Protection of Electronic Protected Health Information ("HIPAA Security Rule"), and the Notification in the Case of Breach of Unsecured Protected Health Information enacted as part of the American Recovery and Reinvestment Act of 2009 ("HITECH Breach Notification Requirements").
The report finds that MongoDB's description of its information security program "fairly presents the information security program supporting MongoDB Cloud that was provided to user entities, as of September 30, 2020", and "the information security program conformed to the applicable implementation specifications within the HIPAA Security Rule and the HITECH Breach Notification Requirements, as described in Part 164 of CFR 45, as of September 30, 2020."
This page is for informational purposes only, and MongoDB does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of MongoDB's services as appropriate to support its legal and compliance obligations.