HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Is Alibaba HIPAA Compliant?

Alibaba is now the third largest public cloud provider behind Amazon Web Services and Microsoft Azure and is currently experiencing growth in excess of its competitors. While Alibaba is vying to become the leading public cloud provider worldwide, the company has yet to make great inroads into healthcare in the United States. Healthcare organizations in the United States must ensure that any public cloud provider is HIPAA compliant before their services can be used in connection with protected health information, so how does Alibaba Cloud stack up? Is Alibaba Cloud HIPAA compliant?

Public cloud providers are classed as business associates under HIPAA, so before their products and services can be used in connection with protected health information it is necessary for a HIPAA-covered entity or business associate to enter into a business associate agreement with the company.

The business associate agreement serves as a contract between the covered entity and the cloud service provider and confirms that the cloud service provider is aware of its responsibilities under HIPAA and provides assurances to the covered entity that its products or services support HIPAA compliance.

Alibaba does offer a business associate agreement to HIPAA-covered entities and healthcare vendors for Alibaba Cloud, and the company has cloud data centers in the United States in Virginia and Silicon Valley, CA.

The company is keen to attract healthcare clients but is aware that many may be concerned about security and HIPAA compliance. In October 2019, Alibaba produced a HIPAA compliance white paper covering its products and services. The white paper details the safeguards that have been implemented and maps them to the safeguards required by the HIPAA Security Rule. You can view the white paper here.

As with all public cloud providers, Alibaba provides a platform and services that can be used in a HIPAA-compliant manner, but it is the responsibility of each HIPAA-covered entity to ensure that the products and services are used in a HIPAA-compliant manner and are configured correctly, that policies and procedures are developed covering the use of those products and services, and that full training is provided to employees.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.