You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/privacy/hipaa-eligible-segment.md
+14-1Lines changed: 14 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,7 @@ title: HIPAA Eligible Segment
4
4
5
5
Segment is a HIPAA eligible platform, and meets the data privacy and security requirements of healthcare customers and their stakeholders. For more information about Segment becoming HIPAA eligible, see the [announcement blog post](http://segment.com/blog/segment-for-healthcare){:target="_blank"}.
6
6
7
+
7
8
## Business Associate Addendum
8
9
9
10
> info ""
@@ -18,4 +19,16 @@ Ensure your Workspace is eligible for HIPAA before you configure and send any pe
18
19
1. In your Workspace, navigate to **Settings > Workspace Settings**.
19
20
2. On the **General Settings** tab, ensure that the HIPAA badge appears. This badge confirms that the Workspace is HIPAA eligible. 
20
21
21
-
With the BAA signed and Workspace confirmed as eligible, you can start building. For more information about starting a HIPAA compliant implementation, see Twilio's [Architecting for HIPAA on Twilio](https://twil.io/architecting-for-hipaa){:target="_blank"}, which outlines the shared responsibilities and requirements for building and maintaining HIPAA-compliant workflows in Segment.
22
+
With the BAA signed and Workspace confirmed as eligible, you can start building. For more information about starting a HIPAA compliant implementation, see Twilio's [Architecting for HIPAA on Twilio](https://twil.io/architecting-for-hipaa){:target="_blank"}, which outlines the shared responsibilities and requirements for building and maintaining HIPAA-compliant workflows in Segment.
23
+
24
+
## HIPAA Auditing
25
+
Segment maintains audit logs of every read and update action a user performs in the Segment app that may involve PHI/PII.
26
+
27
+
Data captured in the HIPAA audit logs includes:
28
+
-`workspace_id`: unique identifier of the workspace
29
+
-`actor_user_id`: unique identifier Segment assigns to the logged in user
30
+
-`event_type`: The action performed by the user. For example, `Source Debugger Raw Viewed`, `Destination Filter Modified`, or other events
31
+
-`end_user_id`: Segment sometimes assigns this unique identifier to an end-user, event, audience, or journey, depending on the event type
32
+
-`timestamp`: Time in UTC when the action occurred
33
+
34
+
These logs can be provided upon request. For specific requests, please reach out to [[email protected]](mailto:[email protected]){:target="_blank"}.
0 commit comments