HIPAA Compliance

Ripple's plans have security features that meet or exceed HIPAA guidelines. We sign Business Associate Agreements with any of our customers who are subject to HIPAA.

Our current security features include:

Infrastructure and Data

  • HITECH certified data centers
  • Separate database and application servers
  • Double server redundancy (3-replica sets)
  • Dedicated, non-shared servers
  • Logical segmentation of customer data
  • Dedicated firewall and intrusion scanning

Encryption

  • SSL 2048-bit data encryption during transit
  • Disk-level database encryption (i.e., encryption at rest)

Audit Controls

  • Fully readable audit logs for account admins
  • Tracking of all View, Edit, Delete, Modify events
  • Event level tracking for all users
  • Custom selection of auditable events
  • Logging of all failed login attempts

Access and Authentication

  • Access control via username and passwords
  • Automatic user logoff (custom time)
  • Strong password requirement SC 03.02
  • Case-sensitive usernames (ISO-646/ECMA-6)
  • Password expiration (custom time)
  • No password reuse for 12 months
  • Account lock upon a custom number of failed login attempts
  • Access groups with custom access roles
  • SSO (optional)
  • Limited feedback after failed attempt
  • No access to customer data by Ripple’s staff except when mandated by law or when explicitly requested and authorized by the customer for data recovery or technical support purposes.