Access Server and CloudConnexa are HIPAA Compliant

OpenVPN is dedicated to safeguarding the protected health information (PHI) of all of our customers in the healthcare, insurance, and pharmaceutical industries.

What is HIPAA compliance and why does it matter?

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule specifically focuses on safeguarding PHI through the implementation of administrative, physical, and technical safeguards. Compliance is mandated for all organizations defined by HIPAA as a covered entity and a business associate. Compliance also ensures that businesses meet the requirements of the Breach Notification Rule as formalized by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the Omnibus Rule of 2013.

The scope of review includes 3 fundamental security parameters

This assessment reviewed the use, disclosure, and accessibility of PHI. The scope of this review included OpenVPN, Inc.'s policies and procedures related to HIPAA compliance and OpenVPN, Inc.'s information system(s) and platform(s) maintaining PHI.

HIPAA compliance must be satisfied by all employees and business associates

The HIPAA Security Rule specifically focuses on safeguarding PHI through the implementation of administrative, physical, and technical safeguards. Compliance is mandated for all organizations defined by HIPAA as a covered entity and a business associate.

HIPAA compliance requires audits in several disciplines

The requirements of the HIPAA Security Rule are organized according to safeguards, standards, and implementation specifications, including:
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Organizational Requirements
  • Policies, Procedures, and Documentation Requirements

HIPAA compliance requires ongoing evaluation

HIPAA compliance requires periodic maintenance, meaning compliance is an ongoing practice.

Additional OpenVPN Security Measures

We keep your business safe so you can do the same for your customers. In addition to HIPAA compliance, OpenVPN is also SOC 2 compliant. OpenVPN's additional security measures include:

Built on the OpenVPN Open Source Protocol

OpenVPN is built on the time-tested, secure OpenVPN open source protocol trusted by millions.

Encrypted Data

OpenVPN encrypts your data and requires that all employees use SSO.

Vulnerability Management

OpenVPN's vulnerability management program ensures the confidentiality, integrity, and availability (CIA) of the organization's information systems landscape, which includes all critical system resources.

Strict Hardening Settings

OpenVPN adopts its system hardening settings from the most restrictive baselines of the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), and/or public CSP baseline configurations.

Third-party Validation

OpenVPN continually seeks third-party certification and validation of our security procedures.

Risk Assessments

OpenVPN has designed a risk assessment program to assess the organization's enterprise-level risk at least annually or upon significant changes to the environment.

Level Up Your Network Security with OpenVPN

OpenVPN CloudConnexa and Access Server include security features that help keep your customers' data safe.