> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abv.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# HIPAA Compliance

> Healthcare-ready infrastructure with Business Associate Agreements for Protected Health Information

ABV provides HIPAA-aligned infrastructure and Business Associate Agreements (BAA) to help healthcare organizations protect Protected Health Information (PHI) while using AI observability.

<Note>
  **BAA Requirement**: A Business Associate Agreement is required **ONLY** when processing Protected Health Information (PHI). If your use of ABV involves only de-identified or non-PHI healthcare data, a BAA is not necessary.
</Note>

<Info>
  ABV serves as a **Business Associate** when you use our platform to process or store PHI. We enter into a Business Associate Agreement (BAA) with you and implement appropriate safeguards to protect PHI.
</Info>

# ABV's HIPAA Compliance

<AccordionGroup>
  <Accordion title="Business Associate Agreement (BAA)" icon="file-contract">
    A BAA is **legally required under HIPAA** before sending any PHI to ABV. If you're unsure whether your data qualifies as PHI, consult your compliance or legal team. The BAA defines how we handle PHI, outlines security safeguards, establishes breach notification procedures, and provides audit rights.

    **To request a BAA**, contact [security@abv.dev](mailto:security@abv.dev).
  </Accordion>

  <Accordion title="Dedicated HIPAA Infrastructure" icon="hospital">
    Enterprise plans include dedicated HIPAA infrastructure with isolated environments, enhanced access controls, comprehensive audit logging, and dedicated AWS regions. Contact [sales](https://webforms.pipedrive.com/f/bYZXNyRLrqiEcMydUyDJpJDXQ3XChKLKmaft0Khn2t7AmItimt6piRq2Y2IzBOCCjN) to learn more.
  </Accordion>

  <Accordion title="Security Safeguards" icon="shield-check">
    ABV implements HIPAA-required safeguards:

    * **Technical**: Access controls, audit logging, integrity controls, encryption (TLS 1.2+ in transit, AES-256 at rest)
    * **Administrative**: Security management, workforce training, contingency planning (validated by [ISO 27001](/security/compliance/iso-27001-compliance))
    * **Physical**: AWS HIPAA-compliant data centers with facility access controls

    Learn more about [encryption](/security/security/encryption) and [authentication](/security/security/authentication-authorization).
  </Accordion>
</AccordionGroup>

# Your Responsibilities

<Steps>
  <Step title="Execute a BAA" icon="file-signature">
    Contact [security@abv.dev](mailto:security@abv.dev) to execute a Business Associate Agreement before sending PHI.
  </Step>

  <Step title="Configure Security" icon="shield-check">
    * Use [RBAC](/developer/platform/administration/role-based-access-controls) to limit PHI access
    * Enable [Enterprise SSO](/security/security/authentication-authorization) with MFA
    * Configure [data masking](/developer/basic-features/masking-sensitive-data) to redact PHI
    * Set [data retention policies](/developer/platform/administration/data-retention)
  </Step>

  <Step title="Monitor Access" icon="eye">
    Regularly review [audit logs](/developer/platform/administration/audit-logs) and have a breach response plan. Contact [security@abv.dev](mailto:security@abv.dev) if you suspect an incident.
  </Step>
</Steps>

# Breach Notification

If ABV discovers a potential PHI breach, we will investigate immediately, notify you within 60 days if a breach occurred, cooperate with your investigation, and remediate the issue. Learn more in our [Incident & Breach](/security/security/incident-breach) documentation.

# Related Resources

<CardGroup cols={2}>
  <Card title="Data Masking" icon="eye-slash" href="/developer/basic-features/masking-sensitive-data">
    Automatically redact PHI from traces
  </Card>

  <Card title="Access Controls" icon="key" href="/developer/platform/administration/role-based-access-controls">
    Implement RBAC for HIPAA compliance
  </Card>

  <Card title="Encryption" icon="lock" href="/security/security/encryption">
    Understand how PHI is encrypted
  </Card>

  <Card title="ISO 27001" icon="certificate" href="/security/compliance/iso-27001-compliance">
    Review our security management certification
  </Card>
</CardGroup>
