Skip to main content

Documentation Index

Fetch the complete documentation index at: https://upstash.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

You can use Upstash Redis to store and process Protected Health Information (PHI). You are responsible for the following:
  • Signing a Business Associate Agreement (BAA) with Upstash. This is provided as part of our Enterprise offering. Email support@upstash.com to get started.
  • Marking specific databases as HIPAA databases and addressing security issues raised by the Upstash team.
  • Ensuring MFA is enabled on all Upstash Console accounts.
    • Enforce MFA as a requirement to access the organization
  • Enabling Prod Pack which provides encryption at rest and advanced security features (already included in the Enterprise plan).
  • Enabling Credential Protection to prevent storing credentials in Upstash infrastructure and limit console access requiring database credentials.
  • Configuring IP allowlist to restrict database access to authorized networks.
  • Enabling daily backups to validate recoverability and meet retention requirements.
  • Complying with encryption requirements in the HIPAA Security Rule. Data is encrypted at rest and in transit by Upstash. You can consider encrypting the data at your application layer.
  • Ensuring that PHI is stored only within your database. Storing PHI in resource names or other locations is strictly prohibited.
  • Ensuring that PHI is stored only in values of data structures, not in identifiers or keys. Avoid logging keys anywhere.
  • Not using public endpoints to process PHI.
  • Not transferring databases to a non-HIPAA organization.
For a comprehensive guide on implementing these responsibilities in production, see our Production Checklist. For questions about managing healthcare data, contact our support team at support@upstash.com.