API2PDF and HIPAA Compliance for PDF Generation

January 31st, 2019 / by api2pdf /


HIPAA is a US law that governs the privacy and security of confidential medical patient records. A breach of HIPAA could yield immense fines and punishment. It is a matter of the utmost seriousness, and organizations go to great lengths to ensure they are HIPAA compliant.

We recognize that medical technology relies on PDF generation, and we receive many inquiries about API2PDF’s HIPAA compliance.

API2PDF and HIPAA Compliance

All we do at API2PDF is pass your JSON payload straight to AWS Lambda and store the resulting PDF on Amazon S3. We offer a DELETE PDF endpoint so that you can delete the generated PDF from our S3 storage immediately. If you do not explicitly delete the PDF, API2PDF automatically deletes it after 24 hours anyway.

AWS outlines its HIPAA information on this page: https://aws.amazon.com/compliance/hipaa-compliance/. We do not store any of the raw HTML payload on any of our servers at all.

While all we do is pass your payload to AWS and generate a temporary PDF in a very secure manner, we have not been audited for HIPAA compliance, so we cannot attest that we are compliant. Therefore, we do not sign HIPAA Business Associate Agreements.

Hosting on your own cloud account

People love our Lambda functions and they are for sale. If you feel most comfortable running API2PDF’s Lambda functions on your own AWS account, you can buy them for a one-time cost. Our developers will help you install them on your account. Contact us if you want to learn more.

