DOC 607 hipaa (#3762)

* Initial draft of HIPAA doc

* Additional HIPAA updates

* [netlify-build]

* [netlify-build]

* Cleanup [netlify-build]

* Update src/privacy/hipaa-eligible-segment.md

* removed "o"

* Add link to blog post [netlify-build]

* Add docs for new Aampe destination (#3803)

* Add docs for new Aampe destination

* Add 'Aampe' to accept list

Co-authored-by: markzegarelli <[email protected]>

* Re-adding these (#3808)

Co-authored-by: stayseesong <[email protected]>
Co-authored-by: Segment Docs Robot <[email protected]>
Co-authored-by: Thomas Gilbert <[email protected]>

Author: 4 people

src/_data/sidenav/main.yml

@@ -396,6 +396,8 @@ sections:
       title: User Deletion and Suppression
   - path: /privacy/account-deletion
     title: Account & Data Deletion
+  - path: /privacy/hipaa-eligible-segment
+    title: HIPAA Eligible Segment  
   - path: /privacy/faq
     title: Privacy FAQs
 - section_title: Protocols

src/privacy/hipaa-eligible-segment.md

@@ -0,0 +1,21 @@
+---
+title: HIPAA Eligible Segment
+---
+
+Segment is a HIPAA eligible platform, and meets the data privacy and security requirements of healthcare customers and their stakeholders. For more information about Segment becoming HIPAA eligible, see the [announcement blog post](http://segment.com/blog/segment-for-healthcare){:target="_blank"}.
+
+## Business Associate Addendum
+
+> info ""
+> Twilio BAA are available to customers on a Business Tier plan.
+
+Before you begin, check that the Segment products and services you'll use for your HIPAA workflows are on the list of Twilio's [HIPAA Eligible Products and Services](https://twil.io/HIPAA-eligible-products-and-services){:target="_blank"}. After you've verified availability, contact your Account Expert to [request a demo](https://segment.com/contact/sales/){:target="_blank"}.
+
+## Verify your Workspace
+
+Ensure your Workspace is eligible for HIPAA before you configure and send any personal health information (PHI).
+
+1. In your Workspace, navigate to **Settings > Workspace Settings**.
+2. On the **General Settings** tab, ensure that the HIPAA badge appears. This badge confirms that the Workspace is HIPAA eligible. ![HIPAA Eligible](images/hipaa-eligible.png)
+
+With the BAA signed and Workspace confirmed as eligible, you can start building. For more information about starting a HIPAA compliant implementation, see Twilio's [Architecting for HIPAA on Twilio](https://twil.io/architecting-for-hipaa){:target="_blank"}, which outlines the shared responsibilities and requirements for building and maintaining HIPAA-compliant workflows in Segment.

src/privacy/images/hipaa-eligible.png

@@ -2,6 +2,6 @@
 title: Privacy Tools Overview
 ---
 
-Segment includes a suite of Privacy tools to help your organization comply with regulations like the GDPR and the CCPA.
+Segment includes a suite of Privacy tools to help your organization comply with regulations like HIPAA, the GDPR, and the CCPA.
 
 {% include components/signpost.html sections=site.data.privacy.sections %}

src/privacy/index.md

@@ -3,7 +3,7 @@ title: Privacy Portal
 ---
 {% include content/plan-grid.md name="privacy" %}
 
-When preparing for new privacy regulations (such as the GDPR or the CCPA), the
+When preparing for new privacy regulations (like HIPAA, the GDPR, or the CCPA), the
 best practice is to create a comprehensive data inventory which includes details
 about what personal information you collect, where you collect it from, where
 you store the data, and who has access to it. The Privacy Portal helps automate
@@ -23,7 +23,7 @@ Privacy Portal features are available to all Segment workspaces, however only wo
 
 The Inbox helps you keep track of new restricted data types as they are captured, quickly classify them, and build a data Inventory.
 
-We detect these fields by scanning data from your Web, Mobile, Server, and Cloud Event Sources to detect PII based on our [default PII matchers](#default-pii-matchers). New properties sent into Segment appear in the Inbox in realtime.
+Segment detects these fields by scanning data from your Web, Mobile, Server, and Cloud Event Sources to detect PII based on the [default PII matchers](#default-pii-matchers). New properties sent into Segment appear in the Inbox in realtime.
 
 When you view the Inbox for the first time, it displays every property that was sent into Segment from Web, Mobile, Server, and Cloud Event Sources dating back to August 9, 2019. ([Cloud Object Sources](/docs/connections/sources/#cloud-apps) do not appear in the Inbox at this time.)