Is Heroku HIPAA Compliant?

Heroku is a platform-as-a-service (PaaS) offering. The service is offered as a developer platform for quickly developing applications without much DevOps configuration and database management.


Heroku provides specific add-ons for configuring an environment in a HIPAA compliant manner. For several thousand dollars a month, Heroku offers a dedicated network with specific encryption and logging standards. Unfortunately, it is your organization’s responsibility to ensure that all other required physical, technical, and administrative safeguards and policies have been implemented to maintain HIPAA compliance.

Most cloud services, including Heroku, provide HIPAA compliant services on a “Shared Responsibility” model. Learn more about the compliance requirements shared between your organization and your cloud provider.

HIPAA Compliance with Amazon Web Services


Proprietary platforms such as Heroku create vendor lock-in and can become expensive at scale. As an alternative, Amazon Web Services (AWS) provides a wide array of offerings for creating backend services and deploying applications. These core services can be configured to be HIPAA compliant. AWS offers the flexibility to launch, manage, and scale virtual machines (VMs), cloud storage, managed databases and other services.

Dash allows your organization to create and maintain a HIPAA compliant environment through the Amazon Web Services Platform, with one simple process:

  • Deploy Dash to your AWS Cloud environment
  • Dash’s automated service sets up and optimizes your services
  • Monitor and manage the compliance process through our dashboard
