Health Insurance Portability and Accountability Act (HIPAA)

The Security and Data Breach Notification Rules adopted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) protect the confidentiality and integrity of protected health information (PHI) when held by healthcare providers, insurers, and healthcare clearinghouses (covered entities), as well as companies that provide services to covered entities, known as business associates.

While F5 does not store or process health-related data on behalf of our customers, it is possible that some data we hold could constitute PHI, such as the association between a user with a particular IP address and an F5 customer that is a covered entity. To ensure compliance, we implement security controls that exceed those required by the Security Rule (and our compliance has been assessed by external auditors in our SOC 2 Type 2 Report), we have designated our Chief Information Security Officer as the HIPAA Security Official, and we have executed business associate agreements (BAAs) with our vendors who may hold this data. We also have a standard BAA for contracting with customers that is available upon request.

Can customers subject to HIPAA (the U.S. Health Insurance Portability & Accountability Act) use F5 services?

Yes. HIPAA-regulated customers can enter into F5’s HIPAA business associate agreement (BAA), which covers all F5 services. F5 implements security safeguards that exceed those required by the HIPAA Security Rule and our compliance has been assessed by external auditors in our SOC 2 Type 2 Report. Refer to https://www.f5.com/company/policies/privacy-notice for more details.

Suggested Searches

Health Insurance Portability and Accountability Act (HIPAA)

FAQ

Secure and Deliver Extraordinary Digital Experiences

Health Insurance Portability and Accountability Act (HIPAA)

FAQ

Secure and Deliver Extraordinary Digital Experiences

CONNECT WITH US