Cloudflare and HIPAA compliance

Cloudflare supports many businesses with rigorous data security requirements, including a number of healthcare organizations. Learn how our services aligns to HIPAA compliance needs.


Our data privacy philosophy
Cloudflare’s network and all of our products are built with data protection in mind. Cloudflare does not sell personal data we process on customers’ behalf, or use it for any purpose other than to provide our services to customers. In addition, we build trust by building and deploying products that improve the security of our systems, encrypt data at rest or in transit, and allow our customers to determine how traffic is inspected across different locations around the world.
Data confidentiality and availability

Cloudflare encrypts data by default using the latest protocols, and offers granular control over where encryption keys are stored and where logs are sent.

Learn More
Threat prevention

Cloudflare’s network uses threat intelligence from approximately 25 million Internet properties to protect cloud, hybrid, and on-premises infrastructure from a variety of attacks.

Learn More
Access management

Cloudflare for Teams lets companies enforce zero trust access and follow the principle of least privilege for all of their applications — helping prevent impermissible data uses or disclosures.

Learn More

Additional resources

Maintaining HIPAA and HITECH compliance while using Cloudflare products

Learn about the Business Associate Agreement (BAA) Cloudflare offers, which incorporates clauses required by HIPAA about PHI protection.

Learn more

Healthcare industry case studies

Learn how Cloudflare has helped healthcare organizations around the world improve their security posture and protect patients' personal data.

Learn more

Protect and accelerate your websites, apps, and teams.