DigitalOcean
Trust & Security

DigitalOcean and HIPAA: Enabling Healthcare Innovation on our Platform

author

By David Lopez

Staff Trust & Governance Advisor, Trust and Governance

Posted: July 1, 20242 min read
<- Back to blog home

DigitalOcean and HIPAA: Enabling Healthcare Innovation on our Platform

DigitalOcean is excited to announce that select DigitalOcean products can now be used to host electronic Protected Health Information (ePHI)! This milestone allows Covered Entities and Business Associates, such as telehealth providers, healthcare software applications, and HealthTech organizations to build and scale sensitive workloads regulated under the U.S. Health Insurance Portability and Accountability Act (HIPAA) on the Developer Cloud leveraging select DigitalOcean covered products.

Covered Products

DigitalOcean products that can now be used to process HIPAA workloads are as follows:

  • Droplets
  • Volumes Block Storage
  • Volumes Block Storage Snapshots
  • Spaces Object Storage
  • Custom Images
  • Virtual Private Cloud
  • Firewalls
  • Reserved IPs
  • Droplet Backups
  • Kubernetes
  • Container Registry
  • Load Balancers as a Service (LBaaS)

How we got here

We understand how important it is to our customers to be able to host HIPAA workloads on select DigitalOcean services, so DigitalOcean conducted a rigorous review of our systems and services in accordance with HIPAA’s requirements to allow customers to host electronic Protected Health Information (ePHI) on covered products.

DigitalOcean maintains SOC 2, SOC 3, CSA STAR Level 1, and APEC PRP certifications. We also comply with all applicable laws. With a robust set of common controls that cover asset management, configuration management, data management, identity and access management, systems monitoring, network operations, risk management, and several more, we help to better protect customer data. These controls extend to customers running HIPAA workloads on covered DigitalOcean products. See all of DigitalOcean’s certifications >

Processing HIPAA workloads on DigitalOcean

Customers who wish to process HIPAA workloads on covered products must review and accept DigitalOcean’s Business Associate Agreement (BAA). Existing customers can request a BAA through their Customer Success representative while new customers can request a BAA by contacting sales.

DigitalOcean has published HIPAA Architecture Guidance to provide best practices to customers on how to use the covered product suite. To receive a copy of the HIPAA Architecture Guidance, please chat with an expert.

Have additional questions? Check out our new HIPAA information site for more information, frequently asked questions, and additional resources.

About the author

David Lopez
David Lopez
Author
Staff Trust & Governance Advisor, Trust and Governance
See author profile
See author profile

Share

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!
Sign up

Related Articles

Expanding DigitalOcean’s Role-Based Access Controls with custom roles
Product updates

Expanding DigitalOcean’s Role-Based Access Controls with custom roles

Nicole Ghalwash
  • June 30, 2025
  • 4 min read

Read more

More resilient, flexible networking for the cloud workloads that matter
Product updates

More resilient, flexible networking for the cloud workloads that matter

Anantha Ramachandran
  • June 26, 2025
  • 5 min read

Read more

See More, Worry Less: Managed Database Observability, Monitoring, and Hardening Advancements
Product updates

See More, Worry Less: Managed Database Observability, Monitoring, and Hardening Advancements

Nicole Ghalwash
  • June 24, 2025
  • 4 min read

Read more

© 2025 DigitalOcean, LLC.Sitemap.