Log in



RudderStack is now a HIPAA-compliant CDP

Blog banner


We'll send you updates from the blog and monthly release notes.

Eric Dodds

Eric Dodds

Head of Product Marketing at RudderStack

August 30, 2022

We’re pleased to announce that RudderStack is now HIPAA-compliant and ready to sign BAAs (Business Associate Agreements) with customers. This is exciting news for healthcare companies like Accurx, who can now use modern customer data tooling to provide the best patient experience possible.

Patients expect healthcare companies to not only provide good care, but also great customer support, personalized experiences, and next-day deliveries. These expectations apply across the healthcare industry, whether the patient is interacting with a hospital, pharmacy, or any company providing a health service or product.

Exceeding patient expectations with great experiences is only possible with the help of modern data tools and technology.

When healthcare companies and healthcare providers think about data, HIPAA is one of the first things that comes to mind. The Health Insurance Portability and Accountability Act is a set of privacy and security standards that protects patient information in the US. For healthcare companies working with customer data, maintaining HIPAA compliance is critical.

Delivering the best patient experiences requires the best data tools

Data engineers and those responsible for data protection at healthcare companies often find their choice of modern data tools limited because so few vendors meet strict regulatory standards.

Using outdated or legacy tools makes it hard for data, product, and marketing teams to build a complete view of their patients and their journey, ultimately limiting their ability to build better customer experiences.

RudderStack: The CDP that keeps patient data safe

With RudderStack’s HIPAA compliance, data teams can collect rich customer data from every website and app to empower product, marketing, and customer success teams with a complete set of customer data.

Here’s why Covered Entities (CEs) trust RudderStack as a Business Associate (BA) that makes security and compliance easy for healthcare data teams:

  • Warehouse-first - RudderStack doesn’t store any customer data. This means that your current security and privacy protocols are still enforced without the need to add any additional tooling or protocols (or deal with a vendor black-box). For companies dealing with Protected Health Information (PHI), that is a big deal.
  • Data governance - limit what data is captured at the source and block data that doesn’t comply with your approved schemas
  • PII masking and hashing - using our Event Transformations feature allows you to enforce data privacy compliance in-flight. You can easily perform data masking, data encryption, attribute removal and event filtering before the data is delivered to destinations requiring HL7 FHIR compliance.
  • Permissions management - configure who in the company has the ability to set, and sometimes see, where PHI or PII data is going. This is actually one of the newest features that we released.
  • SOC 2 compliance - We’ve also attained SOC 2 Type 2 attestation that gives our customers assurance that we’ve implemented industry standard security safeguards.

Implementing RudderStack kickstarted a ‘revolution’ in our analytical capabilities.

- Francesca Riva, Head of Data, Accurx

Learn more about data security with RudderStack

Download our security whitepaper for more details on how RudderStack keeps your data secure.

Eric Dodds


Eric Dodds

Head of Product Marketing at RudderStack

Recent Posts


Spotlight: Have a Very Data Holiday Promotion for Event Streams

By Kristen Glass

Send Form Data From Marketo to Multiple Destinations Using RudderStack

By Alex Dovenmuehle

RudderStack Unaffected by Log4j Vulnerability

By Kristen Glass

See all posts



We'll send you updates from the blog and monthly release notes.

Get Started Image

Get started today

Start building smarter customer data pipelines today with RudderStack. Our solutions engineering team is here to help.

Sign up for freeGet a demo


  • About
  • Contact us
  • Partner with us
  • 🚀 We’re hiring!
  • Privacy policy
  • Terms of service


Learn more about the product and how other engineers are building their customer data pipelines.

Join our Slack Community


Technical documentation on using RudderStack to collect, route and manage your event data securely.

Go to Docs

© RudderStack Inc.

This site uses cookies to improve your experience. If you want to learn more about cookies and why we use them, visit our cookie policy. We’ll assume you’re ok with this, but you can opt-out if you wish cookie settings.