Vercel supports HIPAA compliance for enterprise customers. Our HIPAA report is available upon request at security.vercel.com.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires certain businesses to adhere to a set of privacy and security standards that protects the confidentiality, integrity, and availability of protected health information (PHI).
Does Vercel process protected health information (PHI)?
With Vercel’s shared responsibility model, Vercel’s records may contain healthcare information that can include data relevant to PHI based on the customers’ configuration.
Any additional data captured within the system is at the discretion of Vercel’s customers. Vercel itself does not manage or review this data. Vercel is responsible for helping ensure that the customer data is stored in their systems securely and remains available for their use.
Vercel as a Business Associate
Vercel serves as a business associate to customers that meet the definition of a covered entity under HIPAA (i.e. health plans, healthcare providers, etc.). A business associate performs certain functions or services that involve the use or disclosure of PHI on behalf of a covered entity. Covered entities may be required to enter into a Business Associate Agreement (BAA) with business associates to meet their HIPAA requirements.
For Enterprise customers subject to HIPAA and processing PHI within their websites or applications, Vercel will sign a BAA. To request Vercel’s BAA, please contact us.