Couchbase has successfully completed an independent review of HIPAA requirements.

For companies working in or with the healthcare industry, HIPAA compliant systems are a key part of your security architecture. Applications within those systems rely on databases to securely store, manage, transport, and protect data. In turn, those databases need to have technologies and controls in place that support an organization’s security goals and operations. 

Couchbase has partnered with organizations around the globe since 2011 to help them meet their data security needs. Not too long ago, Couchbase Capella™ completed a SOC 2 Type II audit and today we are excited to announce the continuing expansion of our security compliance efforts. Couchbase has successfully completed an independent review of Couchbase Capella for compliance with HIPAA requirements. Though customers are responsible for confirming their own HIPAA compliance, Capella is ready for use with our customers’ applications that must meet HIPAA requirements. To do so, customers will need to enter into a Business Associate Agreement (BAA) with Couchbase and put in place certain Capella security configurations. The Couchbase BAA covers all the key elements and topics required for such an agreement. 

What are HIPAA and a BAA?

HIPAA stands for the Healthcare Insurance Portability and Accountability Act, and became law in the US in 1996. It is designed to safeguard protected health information (PHI), or individually identifiable health-related information, securely, in physical or electronic form. 

Technology providers like Couchbase may be considered, under HIPAA rules, as business associates of an organization when providing services that involve the creation, receipt, maintenance, or transmission of PHI. When Couchbase operates as a business associate, the BAA is a contract between an organization and Couchbase that defines how Couchbase may use and discloses PHI and clarifies how Couchbase assists the organization in meeting the organization’s obligations under HIPAA. For clarity, entering into a BAA with Couchbase is not sufficient to ensure an organization is HIPAA compliant: the organization must still confirm that its operations meet the requirements of HIPAA. Couchbase is just one part of an organization’s holistic security model and the BAA is designed to help support internal controls and HIPAA compliance. 

Couchbase in the healthcare industry

Many of the world’s leading healthcare organizations such as BD and Maccabi trust Couchbase on a daily basis to meet the performance and flexibility needs of their most important applications. Couchbase helps customers to deliver cutting-edge technologies and experiences in areas like:

    • Streamlining patient touchpoints and information sharing
    • Advancing understanding in clinical research data programs
    • Improving data sharing between surgical devices and healthcare applications
    • Delivering care to remote locations around the globe with mobile devices
    • Optimizing supply and equipment purchasing through the medical supply chain 

What makes Capella a great fit for healthcare applications?

Capella is a proven database-as-a-service (DBaaS) that powers innovation and brings scale, high performance, flexibility, and reliability to modern applications.

    • High availability – Healthcare services need to be available 24/7 and Capella delivers always-on reliability with automatic data replication across data centers and built-in disaster recovery
    • Flexibility – Capella JSON document data model makes healthcare applications easier to develop, deploy, and evolve. Our SQL++ query language allows developers to easily query data using familiar expressions. Tightly integrated full-text search, real-time analytics, and powerful eventing services make it easy to add new features. 
    • Offline-first mobile – Capella’s mobile technology securely syncs data from the cloud to the edge, enabling you to store, query, search, and analyze data in the cloud, at the edge, whether at a doctor’s office or a remote clinic without internet connectivity, guaranteeing that apps are always fast and always on
    • Leading performance – With integrated caching, Capella’s memory-first architecture consistently delivers millisecond responsiveness that patients and caregivers expect
    • Scalability – Unlike relational databases or NoSQL database MongoDB™, Capella allows teams to easily adjust nodes and core services to meet applications demands and improve cost effectiveness
    • Security – Capella delivers enterprise-level security throughout, including encryption, role-based access control, auditing, and more in order to meet security and privacy regulations

Find out more about Couchbase within the healthcare industry. 

Learn more about Capella security and compliance support in our Trust Center.

Find out more about Capella here or start a free trial today!


Posted by Tim Rottach, Director of Product Line Marketing

Tim Rottach is Director of Product Line Marketing at Couchbase.

Leave a reply