How Courier Became HIPAA Compliant

New Blogpost by Aman Kandola

When thinking about handling PII (Personally Identifiable Information) at a SaaS company, standards like SOC 2 and GDPR immediately come to mind. One of the most sensitive types of information a tech company can handle, however, is PHI, or protected health information. A company that stores or processes PHI for a healthcare customer must become HIPAA compliant before it can handle that data.

HIPAA, or the Health Insurance Portability and Accountability Act, regulates the way PHI is collected, processed, stored, and shared in the United States. Protecting PII remains as important as ever for a person’s security and privacy online, but the improper handling of health data goes further: it can be physically dangerous, because the harm is not only a confidentiality breach but also a loss of integrity or availability of the record. For example, a child’s vaccination records that are improperly stored, altered, or lost could cause the patient to receive a double dose, no dose at all, or the wrong vaccine entirely.

Today, we are excited to announce that Courier is now HIPAA compliant. This post gets into why SaaS companies should be HIPAA compliant, why this matters for our company, and the steps we took to get here.