<@U046JUBUV9V> Our client requires BAA for HIPAA-c...
# license-questions
m
@Darshan Bhagat Our client requires BAA for HIPAA-compliance - would Airbyte be able to do this? If so, we want to sign up for your product asap
u
@James Gonzalez @Kevin Gavino can you check this question?
k
Hey folks! Airbyte qualifies as an information conduit for the purpose of HIPAA. Because a conduit is not a Business Associate, a Business Associate Agreement (BAA) is not required in order for a HIPAA-covered entity to use the conduit’s services. We have a more thorough answer here: https://airbyte.com/solutions/data-protection under "Is Airbyte compliant with HIPAA?"
m
@Kevin Gavino - thanks for the prompt response. From what I read on the website you provided, Airbyte is ‘HIPAA Exempt’ (which seems different than HIPAA compliant w/ BAA), which means that Airbyte can be used as part of a HIPAA-compliant tech stack, and data can flow from/to other tools using Airbyte without breaking compliance. Is this the correct understanding?
The primary use-case for us for Airbyte would be ‘data-pipeline’: creating custom endpoints to ingest data, doing some normalization/cleanup, then sending data to another point (to API endpoints using POST). It’s just that this simple ‘move the data’ back and forth must be HIPAA-compliant (whether through exception or through BAA/HIPAA compliance). As long as this use-case is supported by your platform, I’ll sign up today.
k
Yes, so you can check with your customer and see if this is acceptable to them. However, if you need more strict data governance requirements, I would recommend Open Source (readily deployable) or Self Managed Enterprise (through our sales team). Both options ensure that data remains fully within your ecosystem, as Airbyte will be deployed directly in your environment rather than a managed cloud service.