Merge pull request appwrite#869 from appwrite/feat-hippa

Draft for HIPPA compliance
faselgodbcho · Apr 11, 2024 · c3c30e8 · c3c30e8
2 parents f43a838 + 07832b6
commit c3c30e8
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 22 deletions.
diff --git a/src/routes/+page.svelte b/src/routes/+page.svelte
@@ -350,7 +350,6 @@
                                 />
                                 <h3 class="web-info-boxes-title">
                                     <span>HIPAA</span>
-                                    <span class="web-inline-tag is-pink">Coming Soon</span>
                                 </h3>
                                 <p class="web-info-boxes-content">
                                     Protect sensitive user health data.

diff --git a/src/routes/blog/post/announcing-appwrite-is-gdpr-compliant/+page.markdoc b/src/routes/blog/post/announcing-appwrite-is-gdpr-compliant/+page.markdoc
@@ -11,7 +11,7 @@ category: GDPR
 
 We have always kept strict internal policies with regard to personal data and privacy. But to be GDPR compliant, one must undertake the necessary steps and show proof. We have done this and are pleased that we are now certified with the European General Data Protection Regulation (GDPR) standards.
 
-Appwrite developers will no longer have to navigate the complex waters of GDPR compliance – we've got you covered. We have undertaken the necessary measures to protect personal information. Our policies, procedures, and infrastructure have been updated, and we are committed to a continuous improvement cycle as time goes by.
+Appwrite developers will no longer have to navigate the complex waters of GDPR compliance, we've got you covered. We have undertaken the necessary measures to protect personal information. Our policies, procedures, and infrastructure have been updated, and we are committed to a continuous improvement cycle as time goes by.
 
 If you are interested in having a data processing agreement with Appwrite, you can now find our DPA download button in our console. Click and sign it, and the agreement will be implemented.
 
@@ -26,6 +26,6 @@ Here are some technical insights into how we enhance data security:
 
 As always, with Appwrite, developers can continue creating with peace of mind. Your personal data will not be mistreated.
 
-Appwrite is also actively working towards compliance with SOC 2 standards and HIPPA, which will be announced at a later date.
+Appwrite is also HIPAA compliant while actively working towards compliance with SOC 2 standards which will be announced at a later date.
 
 Further resources: [Documentation](https://appwrite.io/docs/advanced/security/gdpr), [Privacy policy](https://appwrite.io/privacy) , [Cookie policy](https://appwrite.io/cookies)
diff --git a/src/routes/docs/advanced/security/+layout.svelte b/src/routes/docs/advanced/security/+layout.svelte
@@ -29,8 +29,8 @@
 					href: '/docs/advanced/security/soc2'
 				},
 				{
-					label: 'HIPPA (Coming soon)',
-					href: '/docs/advanced/security/hippa'
+					label: 'HIPAA',
+					href: '/docs/advanced/security/hipaa'
 				},
 				{
 					label: 'PCI',

diff --git a/src/routes/docs/advanced/security/+page.markdoc b/src/routes/docs/advanced/security/+page.markdoc
@@ -5,7 +5,7 @@ description: Learn how Appwrite keeps your project, users, and data secure throu
 ---
 
 Appwrite helps you build secure apps by applying various security and compliance measures. 
-Appwrite is compliant with [GDPR](/docs/advanced/security/gdpr) and actively working toward [SOC 2](/docs/advanced/security/soc2) and [HIPPA](/docs/advanced/security/hippa) compliance.
+Appwrite is compliant with [GDPR](/docs/advanced/security/gdpr) and [HIPAA](/docs/advanced/security/hipaa) while actively working toward [SOC 2](/docs/advanced/security/soc2) compliance.
 
 Appwrite also employs [enhanced password protection and encryption](/docs/products/auth/security), [rate limits](/docs/advanced/security/abuse-protection), 
 [robust permission systems](/docs/advanced/platform/permissions), and [HTTPS/TLS](/docs/advanced/security/tls) to protect you and your users' data.
@@ -28,10 +28,9 @@ Appwrite uses Stripe to handle payment and payment information securely. Learn a
 Coming soon
 {% /cards_item %}
 
-{% cards_item href="/docs/advanced/security/hippa" title="HIPPA" %}
-Coming soon.
+{% cards_item href="/docs/advanced/security/hipaa" title="HIPAA" %}
+Appwrite is HIPAA compliant. Learn about how Appwrite's measures to protect personal health information.
 {% /cards_item %}
-
 {% /cards %}
 
 # Measures {% #measures %}

diff --git a/src/routes/docs/advanced/security/gdpr/+page.markdoc b/src/routes/docs/advanced/security/gdpr/+page.markdoc
@@ -9,7 +9,7 @@ GDPR is a EU regulation that concerns data privacy and security in the European
 
 By attesting that Appwrite is GDPR compliant, we have done the following:
 - Appwrite users will retain access to their personal information including the right to correct and to delete it.
-- Impose the same rules upon the organization’s sub-processors who assist in providing Appwrite’s services as described in the Terms of Service (“ToS”). 
+- Impose the same rules upon the organization's sub-processors who assist in providing Appwrite's services as described in the Terms of Service (“ToS”). 
 - Appwrite will notify users promptly about policy changes and/or data breaches.
 
 You can learn more in our [Privacy policy](https://appwrite.io/privacy) and [Cookie policy](https://appwrite.io/cookies). 

diff --git a/src/routes/docs/advanced/security/hipaa/+page.markdoc b/src/routes/docs/advanced/security/hipaa/+page.markdoc
@@ -0,0 +1,28 @@
+---
+layout: article
+title: HIPAA
+description: Learn about Appwrite Cloud's measures to achieve HIPAA compliance.
+---
+
+Appwrite is compliant with HIPAA (Health Insurance Portability and Accountability Act) regulations.
+HIPAA is an important regulation that protects patients' health data from being disclosed without consent or knowledge.
+
+If you're building apps that handle information that is considered [PHI (Personal Health Information)](https://privacyruleandresearch.nih.gov/pr_07.asp)
+for an U.S. user base, data must be stored in a HIPAA-compliant environment.
+
+To attain HIPAA compliance, we've taken extensive measures, ensuring that our practices align with the highest data protection standards. 
+We have implemented robust measures to safeguard personal information, updating our policies, procedures, and infrastructure to meet the strict requirements of HIPAA regulations.
+
+- A strict data backup schedule.
+- An extended business continuity plan.
+- Data retention rights for individuals as outlined in our [Privacy Policy](https://appwrite.io/privacy).
+- Intrusion detection and penetration testing.
+- Encryption of data transmitted between Appwrite and users using transport layer security (TLS) and HTTP strict Transport Security, 
+ensuring confidentiality both at rest and during transmission.
+- Access to environments containing customer data is strictly controlled, 
+requiring authentication and authorization through multi-factor authentication (MFA). 
+
+Appwrite safeguards personal information to the same extent it protects its own, complying with relevant privacy laws and regulations in the jurisdictions where its services are offered. 
+
+Please note that while Appwrite Cloud serves as a HIPAA-compliant platform to handle data, 
+it is the responsibility of developers to ensure that their application is also compliant with HIPAA regulations.
diff --git a/src/routes/docs/advanced/security/hippa/+page.markdoc b/src/routes/docs/advanced/security/hippa/+page.markdoc
diff --git a/src/routes/docs/advanced/security/mfa/+page.markdoc b/src/routes/docs/advanced/security/mfa/+page.markdoc