Health Insurance Portability and Accountability Act (HIPAA) – CyberArk
The Health Insurance Portability and Accountability Act and associated regulations are U.S laws establishing requirements regarding the use, disclosure, and safeguarding of individually identifiable health information. Where a covered entity or a business associate (as defined under HIPAA) instructs CyberArk to process such health information, CyberArk could itself become a business associate depending on the nature of the services provided and information processed. We have listed below the CyberArk covered services.
CyberArk HIPAA covered services:
To the extent that (a) Customer is established in the United States; and (b) is a “covered entity” or a “business associate” and includes “Protected Health Information” (as these terms are defined in the Business Associate Agreement (“BAA”)) in Customer Data, all CyberArk services shall be covered under HIPAA.
