Connect User Healthcare Data Securely: Nylas is Now HIPAA Type 1 / HITECH Compliant

Work with Nylas in comfort, knowing that your private health data is safe and secure.


Security has always been our top priority at Nylas – from the way we process and store data to the rich security features available on our platform like data residency, SSO, and native authentication.

Earlier this year, we made our front-end, embeddable scheduling UI free to all healthcare companies fighting COVID. Today, to continue to help our customers and meet the growing demands of the healthcare industry, we’re excited to announce that the Nylas platform is HIPAA Type 1 /  HITECH compliant.

It’s no secret that this year has seen a massive spike in demand for telehealth (a 65% increase this year alone). This has left product and engineering teams scrambling to build secure and compliant features faster than ever before. Supporting the great demand for remote doctor appointments takes time – building integrations to each of your user’s calendar providers and ensuring the integrations are secure, fast, and performant presents challenges when there are so many features to build and only so many hours in the day.

Now, with Nylas, developers building healthcare applications can increase velocity and support the ever-increasing remote world with ease and confidence.

HIPAA Type 1 and HITECH with Nylas: What it Means for You

To attain HIPAA Type 1 / HITECH Compliance, Nylas implemented additional security safeguards to strengthen its administrative, physical, and technical defenses. Specifically, we have incorporated additional security measures such as:

  1. Stricter back-up policies and procedures
  2. Reducing our data retention limit to two weeks
  3. HIPAA Type 1 / HITECH compliant notification processes for data breaches
  4. Signing Business Associate Agreements for Essentials tier+ customers

These features supplement Nylas’s existing security measures such as end-to-end data encryption, GDPR compliance, CCPA compliance, SOC 2 Certification, and EU SCC. For healthcare applications that need to integrate with Gmail user data, we even offer an express security review to help you get up and running in a fraction of the time with the lowest-cost guaranteed. 

Nylas Stands Out as One of the Few Infrastructure Companies with HIPAA Type 1 / HITECH Compliance

Not every infrastructure platform is HIPAA Type 1 / HITECH compliant, largely due to the high cost and ongoing staffing requirements needed to attain this certification. 

To lighten the burden of engineering teams and help increase velocity, attaining HIPAA Type 1 / HITECH compliance just made sense. Now, developers can securely and confidently connect their users’ email, calendar, and contacts data to enable workflows that improve user efficiency and improve overall patient satisfaction. Some example workflows include:

  • Scheduling Appointments
    • With Nylas, you will be able to automate appointment booking workflows without building the complex integrations needed. You can now easily offer scheduling features using the Nylas Scheduler, and your patients can quickly book appointments securely.
  • Emailing with Patients
    • You can now increase communication with patients while maintaining the highest security standards with the Nylas Email API. Needing to securely send PDFs of lab results, bills, and other PHI material?  Now you can incorporate these communication features and documents without having to worry about violating HIPAA.
  • Virtual Visits
    • Through the Nylas Calendar API, your users can now schedule and manage virtual visits directly from your platform. Allow users to natively access calendar features without having your team build complicated calendar integrations. Since Nylas is HIPAA / HITECH compliant, your users will be at ease knowing that all the data that runs through Nylas is held to the highest security standards.

Keep PHI Safe and Secure for Years to Come with Nylas

Learn how the Nylas platform is here to help keep your customer’s data safe, secure, and private. Speak to a platform specialist now.


You May Also Like

How to locally test your Webhooks using Java
How to send an email using Panel
How to send an email using

Subscribe for our updates

Please enter your email address and receive the latest updates.