Hey, I hope you’re all doing well. I’m working on a product that needs to be HIPAA-compliant. I’m using Auth0 for authentication, and we’ll only store the user’s email and password, no patient metadata.
I’m a bit confused about Auth0’s HIPAA support. Is Auth0 HIPAA-compliant?
If yes, how can we obtain a BAA with Auth0? I currently have a free account and couldn’t find an option for this.
I’m a bit confused about Auth0’s HIPAA support. Is Auth0 HIPAA-compliant?
Yes, Auth0 can be used in a HIPAA-compliant implementation; however, it is not HIPAA-compliant out of the box on a Free plan. To be compliant, you must execute a Business Associate Agreement (BAA) with Auth0. This agreement is only available on Enterprise plans. You cannot obtain a BAA on the Free, Essentials, or Professional (self-service) plans.
Because the BAA is a legal addendum that modifies the standard Terms of Service, Auth0 does not offer it for self-service accounts (Free/Essentials/Professional). It is exclusive to Enterprise contracts where legal terms can be formally managed.
A user under an Enterprise Agreement can open a support ticket regarding obtaining the BAA.