The Health Insurance Portability and Accountability Act and associated regulations are U.S laws establishing requirements regarding the use, disclosure, and safeguarding of individually identifiable health information. Where a covered entity or a business associate (as defined under HIPAA) instructs CyberArk to process such health information, CyberArk could itself become a business associate depending on the nature of the services provided and information processed. We have listed below the CyberArk covered services.
CyberArk HIPAA covered services:
To the extent that (a) Customer is established in the United States; and (b) is a “covered entity” or a “business associate” and includes “Protected Health Information” (as these terms are defined in the Business Associate Agreement (“BAA”)) in Customer Data, all CyberArk services shall be covered under HIPAA.
CyberArk’s Business Associate Agreement: