Overview

The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations passed in 1996 that aims to protect and ensure the confidential handling of protected health information (PHI). It affects healthcare providers, health plans, and similar organizations known as “covered entities,” as well as vendors working with these healthcare-related organizations known as “business associates.”

Organizations use cloud-based solutions to manage patient data, which requires adherence to HIPAA regulations. Datadog provides HIPAA compliant observability and ensures compliance with regulatory requirements.

HIPAA-compliant Log Management

Datadog will sign a Business Associate Agreement (BAA) with customers that transmit protected health information (ePHI) through Datadog’s HIPAA-eligible services.

These restrictions are imposed on customers who have signed Datadog’s BAA:

• Users cannot request support through Zendesk Live Chat.
• Users cannot share logs or security signals from the Datadog explorer.

If you have any questions about how the Log Management Service satisfies the applicable requirements under HIPAA, contact your account manager. HIPAA-enabled customers do not need to use specific endpoints to submit logs to enforce specific encryptions. The encryptions are enabled on all log submission endpoints.

Further Reading

Additional helpful documentation, links, and articles:

HIPAA-compliant observability and security for health information systemsBLOG Data Security for Log ManagementDOCUMENTATION