
ngrok is now HIPAA-compliant
The team at ngrok is very excited to announce that the ngrok platform can support HIPAA workloads!
HIPAA, the Health Insurance Portability and Accountability Act, is the US federal law enacted to protect patient health information. The law sets stringent standards in order to secure electronic protected health information (ePHI/PHI). Achieving HIPAA compliance means that ngrok has implemented the administrative, physical, and technical safeguards required to protect sensitive patient data.
You can now take advantage of ngrok’s universal gateway while continuing to adhere to HIPAA requirements.
HIPAA compliance helps if you want to use ngrok to:
- Webhook gateway: Handle webhooks from third parties where PHI is involved.
- API gateway: Operate as the gateway to route traffic containing PHI from the public internet to internal services.
- Site-to-site: Connect your service to customer networks where PHI data is transmitted and/or stored.
- Remote access or SSH: Remotely access devices for troubleshooting within customer networks where PHI is transmitted and/or stored.
What safeguards do we put in place to protect PHI?
We've dedicated trust.ngrok.com to how we secure ngrok, and all of this applies to how we protect PHI.
Additionally, we’ve set up account-level guardrails to ensure that ngrok always encrypts and never stores PHI. PHI only transits our network, and it remains encrypted in transit throughout.
Getting started
Get started on ngrok with HIPAA workloads by reaching out to sales@ngrok.com.
For best practices around ngrok HIPAA implementations, see our docs for HIPAA-compliant services and general security quick wins.