Industry Best Practices & Top Insights delivered to your Inbox.
Blog Product

CleverTap Prioritizes Data Safety and Security with HIPAA Compliance

Mrinal Parekh Mrinal Parekh, Senior Manager at CleverTap, has expertise in product, consumer, and digital marketing, with previous roles at Razorpay and Amazon.
CleverTap Prioritizes Data Safety and Security with HIPAA Compliance

Building relationships requires consistent and personalized experiences across all touchpoints. Data plays an essential role in delivering relevant, timely content. Health and wellness apps are no exception and are quickly innovating to make it easier for consumers to access and monitor their medical information using mobile apps. While efficient use of health data to provide valuable services becomes more common, the need to protect the data captured by apps is also becoming apparent.
Ensuring that customer data is safe and secure is one of our top priorities. CleverTap is now compliant with the Health Insurance Portability and Accountability Act (HIPAA) to support businesses that handle personal health-related data. HIPAA requires the protection and confidential handling of Protected Health Information (PHI) by covered entities who are individuals and organizations that are subject to its requirements. By becoming HIPAA compliant, CleverTap helps customers satisfy HIPAA requirements to maintain compliance.
What is HIPAA and What’s Considered Protected Health Information (PHI)?
HIPAA is a US federal law that implements national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The HIPAA Privacy Rule protects all individually identifiable health information and affects how it is accessed, stored, and shared in any form or media, whether electronic, paper, or spoken aloud. The HIPAA Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI. 
PHI is any information that can be used to identify an individual seeking healthcare. It includes identity information, medical records, conversations with doctors and other healthcare professionals, and billing information with patient identifiable information on it. Examples of PHI include patient name, address, phone numbers, dates (birth, admittance, discharge) medical record numbers, account numbers, and email addresses.
HIPAA Rules Apply to Covered Entities and Business Associates
HIPAA requires the protection and confidential handling of PHI by covered entities. Any organization that falls under the definition of covered entity under HIPAA has to comply. Covered entities include health care providers, health plans, and health care clearinghouses that electronically store and transmit any health information. If these entities create their own mobile applications that collect, store, or use PHI, then these mobile apps must be HIPAA compliant.
By law, the HIPAA Privacy Rule applies only to covered entities. However, most health care providers and health plans do not carry out all of their health care activities and functions by themselves. A business associate is a person or entity that collects, stores, maintains, or transmits any PHI on behalf of a covered entity. 
HIPAA is Part of Our Overall Commitment to Data Privacy & Security
CleverTap is now HIPAA compliant to better support all brands working with PHI including many health and wellness companies. 
In addition to HIPAA, CleverTap offers robust security solutions and meets global compliance standards. CleverTap continually invests in people, processes, and technology to comply with international standards and regulatory requirements. 
To ensure the highest level of data security, CleverTap applies the most rigorous administrative, technical, and physical safeguards.
User data is always protected by adhering to the highest security standards and encryption. 

  • CleverTap is hosted on Amazon Web Services, the world’s most secure global infrastructure platform. Data is stored in independent AWS servers, separated by region. 
  • While customer data in a region is stored in the same server, it is logically separated by multiple techniques to prohibit data transfers between customers.
  • Data in transit is encrypted using the latest TLS protocols. 
  • Security testing is integrated throughout the software development lifecycle.
  • Security is maintained throughout the application, network, and data layers.

Organizations have full control over data access and authorizations.

  • CleverTap offers powerful and flexible features so that only authorized staff has access, including two-factor authentication, single sign-on, role-based access control, advanced role-based access control, and campaign approval workflows. 

Global Compliance and Certifications

  • CleverTap’s cloud service provider, AWS, complies with a wide range of security standards. 
  • CleverTap meets global, regional, and industry-specific compliance standards including GDPR (Europe), GDPR-K (Europe), COPPA (United States), CCPA (California), and HIPAA BAA (health industry). These compliance standards govern collection, storage, and sharing of a user’s personal data. 
  • CleverTap is ISO-27001 (global), SOC 2, and Safe To Host certified. The processes, security controls, and technology used by CleverTap are audited by third-party companies or independent auditors.

For tips on the measures you can take to make your mobile app HIPAA compliant, refer to our blog on How CleverTap Customers Address HIPAA Compliance Within their Marketing Organizations.
Our privacy and security team is dedicated to helping you confidently maintain compliance when using our platform. If you have any questions or concerns, please reach out to us at

See how today’s top brands use CleverTap to drive long-term growth and retention

Schedule a Demo Now!

Last updated on March 14, 2024