
Announcing OneSchema's HIPAA Security Report

As part of our commitment to supporting healthcare organizations, we’re excited to announce that OneSchema has received our external HIPAA Security Report covering breach requirements along with administrative, physical, technical, and organizational safeguards.

Sol Chen

Sol is the Chief of Staff at OneSchema.

February 24, 2023

At OneSchema, protecting the privacy of sensitive user information remains at the forefront of our priorities as we continue to launch new features. Our customers place a great deal of trust in us to provide best-in-class data import capabilities, and we're committed to exceeding industry standards when it comes to security.

Since establishing our HIPAA compliance last June, we’ve been proud to collaborate with healthcare organizations in streamlining their data import experience. Today, we’re excited to announce that OneSchema has received our external HIPAA Security Report covering breach requirements along with administrative, physical, technical, and organizational safeguards.

An overview of HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) places strict requirements on how electronic protected health information (ePHI) is collected, stored, processed, and shared by companies in the United States. This includes an individual’s demographic data, health status, medical history, payment for health care, or any information that’s created, received, stored, or transmitted by a HIPAA-covered entity.

The HIPAA Privacy, Security, and Breach Notification rules apply to both covered entities and business associates who create, receive, maintain, or transmit ePHI in the course of performing services on behalf of the covered entity. 

Covered entities and business associates (such as OneSchema) with access to ePHI are required to ensure that:

  1. Appropriate safeguards are in place to maintain the security of patient data
  2. They are in compliance with the HIPAA Privacy Rule
  3. They have policies in place to comply with the Breach Notification Rule should a data breach occur

OneSchema’s HIPAA Security Report

OneSchema’s HIPAA security examination was performed by an independent third-party auditor, Insight Assurance, and monitored by Vanta, the leader in automated HIPAA compliance monitoring. At the end of the examination, OneSchema received a fully clean report with no exceptions noted. This audit provides an external examination of the controls in our infrastructure and operations, and demonstrates our commitment to complying with information security standards and industry best practices.

“Pursuing an independent HIPAA security audit is part of OneSchema’s commitment to transparency and providing our customers with the most secure solution available,” said Andrew Luo, CTO & co-founder of OneSchema. “We serve a broad set of healthcare customers, and our commitment to regularly adding additional security and privacy controls will enable them to focus on building the best user experience possible while adhering to their strict regulatory requirements.” 

Healthcare customers requiring a Business Associate Agreement (BAA) for HIPAA compliance can use the platform to easily launch delightful spreadsheet import experiences, from embeddable CSV import, to importing CSVs from an SFTP folder on a recurring basis. Our standard BAA meets the requirements of HIPAA, making it easy for covered entities to work with OneSchema as a business associate. 

Our commitment to privacy, security, and compliance

While we have a demonstrated history of trust within the healthcare industry from our investment in comprehensive security protections, HIPAA compliance is just one part of our commitment to supporting enterprises seeking to meet compliance requirements. 

To strengthen privacy and security, OneSchema offers encryption in transit, SSO with SAML, audit logging, role-based access control (RBAC), and multi-factor authentication. We also hold SOC 2 Type II certification, conduct annual external penetration tests, and comply with GDPR. We work with customers across a wide range of industries and continue to dedicate resources towards building a secure, reliable platform for companies in the most risk-averse environments.

If you'd like to learn more about OneSchema’s Enterprise security, please visit our security page or contact
