Cloudflare and HIPAA compliance

Cloudflare supports many businesses with rigorous data security requirements, including a number of healthcare organizations. Learn how our services aligns to HIPAA compliance needs.

Spectrum hero illustration
Our data privacy philosophy
Cloudflare’s network and all of our products are built with data protection in mind. Cloudflare does not sell personal data we process on customers’ behalf, or use it for any purpose other than to provide our services to customers. In addition, we build trust by building and deploying products that improve the security of our systems, encrypt data at rest or in transit, and allow our customers to determine how traffic is inspected across different locations around the world.
Security lock blue
Data confidentiality and availability

Cloudflare encrypts data by default using the latest protocols, and offers granular control over where encryption keys are stored and where logs are sent.

Learn More
Network scale blue
Threat prevention

Cloudflare’s network uses threat intelligence from millions of Internet properties to protect cloud, hybrid, and on-premises infrastructure from a variety of attacks.

Learn More
Security fingerprint privacy blue
Access management

Cloudflare Zero Trust lets companies enforce identity-aware, least privilege access for all of their applications — helping prevent impermissible data uses or disclosures.

Learn More

Additional resources

Maintaining HIPAA and HITECH compliance while using Cloudflare products

Learn about the Business Associate Agreement (BAA) Cloudflare offers, which incorporates clauses required by HIPAA about PHI protection.

Learn more

Healthcare industry case studies

Learn how Cloudflare has helped healthcare organizations around the world improve their security posture and protect patients' personal data.

Learn more

Protect and accelerate your websites, apps, and teams.