What is HIPAA Compliance for SaaS?

For software developers and service providers, HIPAA compliance for SaaS means adherence to the administrative, physical and technical safeguards of the HIPAA Security Rule, provided the products you develop or the services you provide create, receive, maintain or transmit Protected Health Information (PHI: individually identifiable health information, i.e. health data that can be linked to a specific person). For example:

  • If you are a software developer and you build an application that collects individually identifiable health information that may later be shared with a medical professional or other covered entity, you are subject to HIPAA compliance for SaaS developers.
  • If you are a service provider whose clients create, use or transmit Protected Health Information through your services, you are subject to HIPAA compliance for SaaS providers and will generally have to execute a Business Associate Agreement (BAA) with those clients.

With regard to SaaS hosting companies, there is no provision in the HIPAA Security Rule safeguards that prohibits the architecture of a cloud server, VPS server, or SaaS application, even though these are by nature "shared" (multi-tenant) architectures. However, most Covered Entities and Business Associates will want to know that you offer a HIPAA-eligible option, with the required safeguards in place and a BAA available, before they put PHI on your platform.

Please note that there is no official HIPAA certification issued by HHS or any other government body; however, a compliance assessment report from an independent assessor is sufficient to demonstrate conformity with the Security Rule safeguards.


HIPAA Compliance Assessment

Year 2022 (SUMMIT IT Solutions Private Limited-HIPAA.pdf)
Expiry Date (YYYY-MM-DD): 2023-10-21