At LaunchDarkly, protecting the privacy of our customers and their users is of the utmost importance. We understand our customers place a high amount of trust in us to power critical applications, and we’re committed to exceeding industry standards when it comes to security and compliance. That's one reason we’re proud to announce an expansion of our commitment to healthcare customers looking to satisfy Health Insurance Portability and Accountability Act (HIPAA) requirements.
LaunchDarkly can now enter into a Business Associate Agreement (BAA) with customers who require it or wish to use protected health information (PHI) with our platform. With this milestone, we hope to enable even more healthcare customers to innovate faster and improve care for patients.
LaunchDarkly already helps many healthcare companies—including some of the top health insurance providers—with faster, safer, and more efficient software releases. These customers configure LaunchDarkly so that sensitive data is not shared with our service (more on that to follow).
LaunchDarkly does not require any personally identifiable information (PII) or PHI. In fact, we encourage customers to restrict sensitive data as much as possible. And our platform comes with a number of safeguards for minimizing access to user data.
Our commitment to security, privacy, and compliance
Our security team is dedicated to driving continuous security improvements throughout the business and for our customers. In addition to supporting HIPAA compliance, we maintain multiple third-party certifications focusing on data security and privacy. Providing these assurances helps us better support customers that desperately need to improve their software delivery processes but are operating under strict regulations.
In addition, and perhaps more importantly, our engineering team has prioritized building a secure, reliable platform for all of our users. We work with customers across a wide range of industries—including financial services and the federal government—and we continue to invest in functionally that satisfies the security concerns of those in the most risk-averse environments.
Developers working in complex, regulated environments deal with a good amount of bureaucracy and process. When it comes to internal security, user privacy, and compliance—LaunchDarkly makes it easy for developers to focus on building their core product.
Along with encryption in transit, multi-factor authentication, granular access controls, and full audit logs, we offer comprehensive functionality to help customers meet security and compliance needs. Some of these features include:
Private Attributes
LaunchDarkly's private attribute settings restrict the user data sent to LaunchDarkly. Customers use private attributes to prevent PHI from being shared with the LaunchDarkly service.
Secure client-side evaluation
Given the insecure nature of client devices, rule evaluation for client-side SDKs in LaunchDarkly is based on a single user context to prevent sensitive data from being exposed.
Relay Proxy
The Relay Proxy concentrates the outbound connections to LaunchDarkly. Relay Proxy runs within your own infrastructure, so no private data ever needs to leave your network.
Approvals
Approvals let teams enforce a configured approval process for changes in certain environments. This helps teams adhere to, and streamline, existing change management processes.
Healthcare companies navigating digital transformation need tools that promote modern development while satisfying InfoSec requirements. LaunchDarkly helps healthcare customers ship faster, improve user experiences, and migrate applications to the cloud—all in a secure and compliant manner. We’re looking forward to how our extended support for HIPAA compliance will help accelerate the pace of healthcare technology that improves patient outcomes.
Learn more about LaunchDarkly’s security program here.