HIPAA compliance in Dagster+ serverless
This guide covers setting up Dagster+ Serverless in a HIPAA compliant way.
Disclaimer
This is guidance only, not legal advice. Dagster Labs makes no HIPAA compliance guarantees. Consult legal or compliance professionals.
Prerequisites before processing protected health information (PHI)
- Execute a Business Associates Agreement (BAA) with Dagster Labs. (Contact your account representative or customer success manager.)
- Request access to our Trust Center to review our security and compliance documents.
- Review the Dagster+ Serverless security doc.
- Coordinate with your account representative or customer success manager to disable the default Serverless I/O manager.
Important
You must disable the default I/O manager before processing any PHI. The default I/O manager is not HIPAA-compliant. Coordinate with Dagster Engineering through your account representative or customer success manager to ensure proper configuration.
Additional considerations
HIPAA compliance is an ongoing process that requires:
- Regular security assessments
- Comprehensive documentation of all configurations and processes
- Continuous monitoring and audit logging
- Staff training on HIPAA requirements
Getting help
For questions about HIPAA compliance with Dagster+, contact your account representative or customer success manager.