Compliance controls available on GCP deployments
This page outlines the HIPAA compliance controls available on SAP Databricks accounts deployed on GCP.
HIPAA
Before you process PHI data, it is your responsibility to check that you have a BAA agreement with SAP Databricks.
HIPAA compliance controls are supported for workspaces in all regions.
HIPAA applies to covered entities and business associates that create, receive, maintain, transmit, or access PHI. When a covered entity or business associate engages the services of a cloud service provider (CSP), such as SAP Databricks, the CSP becomes a business associate under HIPAA.
HIPAA regulations require that covered entities and their business associates enter into a contract called a Business Associate Agreement (BAA) to ensure the business associates will protect PHI adequately. Among other things, a BAA establishes the permitted uses and required disclosures of PHI by the business associate, based on the relationship between the parties and the activities and services being performed by the business associate.
Enable HIPAA compliance controls
To enable your SAP Databricks account for HIPAA compliance, contact your SAP Databricks account team.
HIPAA compliance features are enabled at the account level. After your SAP Databricks account is enabled for HIPAA, all workspaces in the account have HIPAA compliance features. Enabling HIPAA compliance features for an account is permanent. To deploy a workspace without HIPAA compliance features, you must create a separate SAP Databricks account.
Which compute resources get enhanced security
The compliance security profile enhancements for HIPAA apply to serverless SQL warehouses in all regions. Serverless compute for notebooks and workflows is not supported with HIPAA.