Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

HomeDev GuideRecipesAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide

HIPAA-enabled CMS

Describes the differences and the features that are excluded from a HIPAA-enabled CMS (SaaS).

A HIPAA-enabled CMS complies with HIPAA regulations, which are essential for healthcare organizations and businesses that handle Protected Health Information (PHI). Optimizely CMS includes auditing and security measures to protect patient data and ensure privacy.

📘

Note

This content applies also to the PaaS Portal and Deployment API.

🚧

Important

A HIPAA-enabled CMS is not compatible with other non-HIPAA enabled Optimizely products. Data exchange outside the platform is only allowed with other HIPAA-enabled integrations, ensuring that all data handling remains compliant. You must ensure any integrations or additional tools you use are also HIPAA-compliant.

Features and third-party integrations in CMS that are not HIPAA-compliant are modified or restricted to ensure that data exchanges are secure and compliant. The following features are excluded from CMS (PaaS and SaaS) for HIPAA compliance:

  • SendGrid SMTP
  • Production database exports
  • Content sync-down
  • Edge log exports
  • Ability to start a project migration

Differences between standard and HIPAA-enabled CMS offerings

The following table compares the standard and HIPAA-enabled CMS with specific capabilities and benefits relevant to healthcare organizations:

AspectStandard CMSHIPAA-enabled CMS
Compliance and securityStandard security measuresAdditional auditing and security for HIPAA compliance
Feature and integration restrictionsFull feature and integration availabilityCertain features and integrations restricted for HIPAA compliance
Data exchangeFlexible data exchange optionsData exchange only with HIPAA-enabled integrations
Exclusions in PaaS & SaaSFeatures like SendGrid SMTP, database exports, and so on, are availableExcludes SendGrid SMTP, database exports, content sync-down, edge log exports, and project migration
CompatibilityCompatible with a wide range of Optimizely productsNot compatible with non-HIPAA enabled Optimizely products
Capabilities and benefitsGeneral content management capabilitiesDelivers personalized experiences based on health needs and history. Tests content, layouts, and campaigns for effectiveness. Provides analytics and insights into performance and behavior