Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

Dev GuideAPI ReferenceUser Guide
Dev GuideRecipesAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide
GitHubNuGetDev CommunityOptimizely AcademySubmit a ticket
Start typing to search…

HIPAA-enabled CMS

Describes the differences and the features that are excluded from a HIPAA-enabled CMS (SaaS).

A HIPAA-enabled CMS complies with HIPAA regulations, essential for healthcare organizations and businesses that handle Protected Health Information (PHI). Optimizely CMS includes auditing and security measures to protect patient data and ensure privacy.

📘

Note

This content also applies to the PaaS Portal and Deployment API.

🚧

Important

A HIPAA-enabled CMS is not compatible with other non-HIPAA-enabled Optimizely products. Data exchange outside the platform is allowed only with other HIPAA-enabled integrations, ensuring data handling remains compliant. Ensure any integrations or additional tools you use are also HIPAA-compliant.

Features and third-party integrations in CMS that are not HIPAA-compliant are modified or restricted to ensure data exchanges are secure and compliant. The following features are excluded from CMS (PaaS and SaaS) for HIPAA compliance:

  • SendGrid SMTP
  • Production database exports
  • Content sync-down
  • Edge log exports
  • Project migration

Differences between standard and HIPAA-enabled CMS offerings

The following table compares the standard and HIPAA-enabled CMS with specific capabilities and benefits relevant to healthcare organizations:

AspectStandard CMSHIPAA-enabled CMS
Compliance and securityStandard security measuresAdditional auditing and security for HIPAA compliance
Feature and integration restrictionsFull feature and integration availabilityCertain features and integrations restricted for HIPAA compliance
Data exchangeFlexible data exchange optionsData exchange with HIPAA-enabled integrations only
Exclusions in PaaS & SaaSFeatures like SendGrid SMTP, database exports, and so on, are availableExcludes SendGrid SMTP, database exports, content sync-down, edge log exports, and project migrations
CompatibilityCompatible with a wide range of Optimizely productsNot compatible with non-HIPAA-enabled Optimizely products
Capabilities and benefitsGeneral content management capabilitiesDelivers personalized experiences based on health needs and history. Tests content, layouts, and campaigns for effectiveness. Provides analytics and insights into performance and behavior

Updated 6 days ago