Is a Geocoder in our ArcGIS 10.5.1 (Enterprise) HIPPA Compliant

JeffreyUtter2 · ‎08-03-2017

A question came up, so I'm asking the community what your thoughts are. I have setup Portal for ArcGIS, Web Adapter and Insight for ArcGIS on this environment.

ESRI, please chime and provide documentation if applicable.

Thanks.

DerekLaw · ‎08-04-2017

Hi Jeffrey,

FYI, documentation on the ArcGIS Platform compliance can be found here,

Compliance—Trust ArcGIS | ArcGIS

For your question, you'll need to be more specific: do you mean if you were to use the default World Locator Service from ArcGIS Online with your ArcGIS Enterprise installation? Or would you use your own custom locator service (that presumably would be stored in your own infrastructure) with ArcGIS Enterprise?

In the former case, the answer is "no", in the latter case - I think it would depend on the specifics of your organization's infrastructure. You would need to check if it meets HIPAA requirements.

FYI, please see the last section on this page: Privacy—Trust ArcGIS | ArcGIS where Esri is able to meet HIPAA requirements via its Managed Cloud Services offering.

Hope this helps,

JeffreyUtter2 · ‎04-18-2018

Ok, I'm late in replying...

Alright, so a customer built geocoder within our environment would be HIPPA compliant.

I had another question, somewhat related.

Can you expound on these two HIPPA GIS environment scenarios:

HIPAA EMCS Advanced Plus environment vs. in-house ArcGIS Server on a VM with locked down REST End Points (only those who are Users of the Folder can see the data) using Groups/Users and encrypted SQL Server FC as the data source?

Thanks.

Jeff