HIPAA Add-On is required to be purchased to ensure that your deployment of GoodData complies with the Health Insurance Portability and Accountability Act.
HIPAA Add-On includes everything available in the standard subscription. On top of that, additional is included in the package:
- Execution of BAA between GoodData (Business Associate) and the Customer (Business Associate or Covered Entity)
- ISO 27001 and HIPAA compliant processes for implementation and maintenance of the solution containing ePHI
- All support access to customer workspaces via impersonation (full audit trail who accessed the data)
- Impersonation of customer accounts by support personnel requires written permission from the customer
- All support access to customer data by means of impersonation of platform users are subject to audit
Typically, our HIPAA support is limited to your primary (production) organization. If you require HIPAA compliance for development, testing, or any other organizations beyond the two included in the package, you must make a specific request and provide a justification.