We at ClickHouse are excited to share some great news: HIPAA and PCI self-service deployments are now generally available in ClickHouse Cloud! This is a game-changer, empowering our customers to manage their crucial data security needs with ease and confidence.
Protecting Health Information
The Health Insurance Portability and Accountability Act (HIPAA) is a cornerstone of U.S. law, dedicated to safeguarding the most sensitive medical information. We’re talking about electronic protected health information (ePHI or PHI), which includes any information relating to a patient’s condition in the past, present or future, provision of healthcare, or payment thereof, that can be associated with a person’s identity. HIPAA outlines the requirements for both covered entities (like doctors, hospitals, and health plans) and their business associates (organizations like ClickHouse that help covered entities and other business associates process this vital data). ClickHouse built a compliance program around the HIPAA Security Rule, ensuring we provide robust administrative and technical safeguards, and work with our cloud providers to ensure compliance down to the hardware.
Securing Payment Card Data
Payment Card Industry Data Security Standards (PCI DSS) are a set of robust standards set forth by the PCI Security Standards Council designed to protect payment card data as it is stored, processed and transmitted. At ClickHouse, we proudly adhere to the stringent Level 1 Service Provider requirements of the PCI DSS, ensuring that your customers’ sensitive cardholder data is always safe.
Performance Meets Protection
ClickHouse empowers our customers to store and process ePHI and payment card data at scale with lightning fast performance. Customers currently enjoying the speed, efficiency and security of our HIPAA services include pioneers in pharma, ground breaking medical research institutions, innovative user engagement services, meticulous client management, cutting-edge artificial intelligence, and robust security services, all designed to support the healthcare industry. Our PCI customers are the vigilant heroes of fraud detection services, where every millisecond counts! We made the effort to understand the most vital security features our customers need, ensuring the continuous privacy and security of the data they entrust to us. Beyond our already formidable security framework, these specialized environments offer enhanced isolation from other workload types, fortified access controls, and granular auditing, providing complete transparency and control.
We didn’t stop there! We partnered with a trusted advisor in security and compliance to perform an independent audit of our environment, and the results are a source of pride. Our SOC 2 Type II + HIPAA and PCI Level 1 Service Provider AOC, a testament to our dedication to excellence and compliance, is readily available for download in our Trust Center. We encourage our customers to explore our security shared responsibility model to handpick security controls tailored to their unique requirements, ensuring a comprehensive security posture.
It is our honor to be your service provider of choice, especially when it comes to the most stringent and non-negotiable of privacy and security demands. We are here to support your success.
Empowerment at Your Fingertips
ClickHouse customers with Enterprise organizations, the path to secure data is now incredibly simple and direct!
HIPAA customers can request a Business Associate Agreement (BAA) directly on your Organization page within the console. Once that’s completed, you can deploy HIPAA services to certified cloud providers and regions with confidence, knowing your healthcare data is in a compliant environment.
PCI customers can seamlessly enable PCI services by simply activating the PCI compliance feature on your Organization page in the console. PCI services can be deployed to our certified cloud providers and regions, ready to secure your payment data and maintain compliance.
For even more details on our currently supported HIPAA and PCI cloud providers and regions, be sure to visit our comprehensive supported cloud regions page. The future of data security is here!
