Compliance controls available on Azure deployments
This page outlines the HIPAA compliance controls available on SAP Databricks accounts deployed on Azure.
HIPAA
HIPAA compliance controls are supported for workspaces in all regions.
HIPAA applies to covered entities and business associates that create, receive, maintain, transmit, or access protected health information (PHI). When a covered entity or business associate engages the services of a cloud service provider (CSP), such as SAP Databricks, the CSP becomes a business associate under HIPAA.
HIPAA regulations require that covered entities and their business associates enter into a contract called a Business Associate Agreement (BAA) to ensure the business associates will protect PHI adequately. Among other things, a BAA establishes the permitted uses and required disclosures of PHI by the business associate, based on the relationship between the parties and the activities and services being performed by the business associate.
Enable HIPAA compliance controls
To enable an SAP Databricks workspace for HIPAA compliance, workspaces must be configured to use the compliance security profile.
An account admin must update their account-level compliance settings so that workspaces are created with the compliance security profile enabled by default:
- As an account admin, go to the account console.
- In the sidebar, click Settings.
- Click the Security and compliance tab.
- In the sidebar, click Compliance security profile for new workspaces.
- Next to Compliance security profile, click Configure.
- In the dialog box, toggle on Enabled, select one or compliance standards, or select None and click Save.
After updating this setting, all new workspaces will have HIPAA compliance permanently enabled.