25% off all training courses Offer ends May 8, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 8, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Is Alibaba HIPAA Compliant?

Posted By on Jun 20, 2020

Alibaba is now the third largest public cloud provider behind Amazon Web Services and Microsoft Azure and is currently experiencing growth in excess of its competitors. While Alibaba is vying to become the leading public cloud provider worldwide, the company has yet to make great inroads into healthcare in the United States. Healthcare organizations in the United States must ensure that any public cloud provider is HIPAA compliant before their services can be used in connection with protected health information, so how does Alibaba Cloud stack up? Is Alibaba Cloud HIPAA compliant?

Public cloud providers are classed as business associates under HIPAA, so before their products and services can be used in connection with protected health information it is necessary for a HIPAA-covered entity or business associate to enter into a business associate agreement with the company.

The business associate agreement serves as a contract between the covered entity and the cloud service provider and confirms that the cloud service provider is aware of its responsibilities under HIPAA and provides assurances to the covered entity that its products or services support HIPAA compliance.

Alibaba does offer a business associate agreement to HIPAA-covered entities and healthcare vendors for Alibaba Cloud and the company has cloud data centers in the United States in Virginia and Silicon Valley, CA.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The company is keen to attract healthcare clients but is aware that many may be concerned about security and HIPAA compliance. Alibaba produced a HIPAA compliance white paper in October 2019 covering its products and services detailing the safeguards that have been implemented, which have been mapped to safeguards required by the HIPAA Security Rule.

As with all public cloud providers, Alibaba provides a platform and services that can be used in a HIPAA-compliant manner, but it is the responsibility of each HIPAA-covered entity to ensure that the products and services are used in a HIPAA compliant manner, are configured correctly, and policies and procedures are developed covering the use of those products and services and full training is provided to employees.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist