docs/guides/security-dev-productivity/hipaa-guide.md
7 additions & 7 deletions
@@ -4,30 +4,30 @@ description: Read ngrok’s recommendations for setting up ngrok services in a H
4
4
sidebar_label: HIPAA compliance
5
5
---
6
6
7
-
The Health Insurance Portability and Accountability Act (HIPAA) is the US federal law enacted to protect patient health information.
7
+
The Health Insurance Portability and Accountability Act (HIPAA) is the US federal law enacted to protect patient health information.
8
8
The law sets stringent standards in order to secure electronic protected health information (ePHI/PHI).
9
9
10
10
This page contains ngrok’s recommendations for setting up ngrok services in a HIPAA-compliant manner.
11
11
12
12
:::warning
13
-
These recommendations from ngrok's team do not constitute legal advice.
13
+
These recommendations from ngrok's team do not constitute legal advice.
14
14
Please consult your own legal and engineering teams to ensure HIPAA compliance.
15
15
:::
16
16
17
17
## Shared responsibility model
18
18
19
-
ngrok operates with a shared responsibility model.
19
+
ngrok operates with a shared responsibility model.
20
20
There are many safeguards that we put in place to protect our customers, and there are steps our customers must take to remain compliant with HIPAA.
21
21
22
-
We're responsible for providing you with all the information you need to use ngrok in a compliant manner, and how to configure the ngrok platform to remain compliant.
22
+
We're responsible for providing you with all the information you need to use ngrok in a compliant manner, and how to configure the ngrok platform to remain compliant.
23
23
24
24
You the customer are responsible for ensuring your use case is compliant and configuring ngrok correctly to ensure compliance.
25
25
26
26
## Compliant use cases
27
27
28
-
ngrok is HIPAA-compliant for use cases where PHI is stored within a packet payload.
29
-
You are responsible for ensuring that PHI is only present within the packet payload.
30
-
ngrok won't store this data in HIPAA workloads but we do store other, non-PHI, data.
28
+
ngrok is HIPAA-compliant for use cases where PHI is stored within a packet payload.
29
+
You are responsible for ensuring that PHI is only present within the packet payload.
30
+
ngrok won't store this data in HIPAA workloads but we do store other, non-PHI, data.
31
31
See [Data at ngrok](https://ngrok.com/blog-post/data-at-ngrok) for more details on what data ngrok stores.
32
32
33
33
ngrok account user information, ngrok account billing information, and packet headers should not be considered PHI within any use cases.
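Review bot: at new lines 28-30, "PHI is stored within a packet payload" is followed by "ngrok won't store this data", so "stored" carries two meanings in adjacent sentences; since these lines are being touched anyway, consider "carried within a packet payload" for the first. The unchanged line 33 ("packet headers should not be considered PHI within any use cases") reads as a classification, while line 29 puts the duty on the customer; it would be clearer to state outright that customers must keep PHI out of packet headers and out of account and billing fields. Separately, every removed/added pair in this hunk (lines 7, 13, 19, 22 and 28-30) is identical as rendered here, so the edit appears to be whitespace-only; the commit message should say so, so that reviewers of a compliance document can confirm no wording changed.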