DigitalOcean and HIPAA: Enabling Healthcare Innovation on our Platform

DigitalOcean is excited to announce that select DigitalOcean products can now be used to host electronic Protected Health Information (ePHI)! This milestone allows Covered Entities and Business Associates, such as telehealth providers, healthcare software applications, and HealthTech organizations to build and scale sensitive workloads regulated under the U.S. Health Insurance Portability and Accountability Act (HIPAA) on the Developer Cloud leveraging select DigitalOcean covered products.

Covered Products

DigitalOcean products that can now be used to process HIPAA workloads are as follows:

• Droplets
• Volumes Block Storage
• Volumes Block Storage Snapshots
• Spaces Object Storage
• Custom Images
• Virtual Private Cloud
• Firewalls
• Reserved IPs
• Droplet Backups
• Kubernetes
• Container Registry
• Load Balancers as a Service (LBaaS)

How we got here

We understand how important it is to our customers to be able to host HIPAA workloads on select DigitalOcean services, so DigitalOcean conducted a rigorous review of our systems and services in accordance with HIPAA’s requirements to allow customers to host electronic Protected Health Information (ePHI) on covered products.

DigitalOcean maintains SOC 2, SOC 3, CSA STAR Level 1, and APEC PRP certifications. We also comply with all applicable laws. With a robust set of common controls that cover asset management, configuration management, data management, identity and access management, systems monitoring, network operations, risk management, and several more, we help to better protect customer data. These controls extend to customers running HIPAA workloads on covered DigitalOcean products. See all of DigitalOcean’s certifications >

Processing HIPAA workloads on DigitalOcean

Customers who wish to process HIPAA workloads on covered products must review and accept DigitalOcean’s Business Associate Agreement (BAA). Existing customers can request a BAA through their Customer Success representative while new customers can request a BAA by contacting sales.

DigitalOcean has published HIPAA Architecture Guidance to provide best practices to customers on how to use the covered product suite. To receive a copy of the HIPAA Architecture Guidance, please chat with an expert.

Have additional questions? Check out our new HIPAA information site for more information, frequently asked questions, and additional resources.