BBAA Atlas

Is Elastic Cloud HIPAA compliant?

Cloud data platform · vendor site ↗

Signs a BAAPHI eligibleSOC 2 Type II
Will Elastic Cloud sign a HIPAA BAA?
Yes — Elastic Cloud will sign a HIPAA Business Associate Agreement (BAA).
Elastic offers a HIPAA-compliant BAA for Elastic Cloud across all subscription tiers and all regions on AWS, Azure and GCP. Elastic Cloud Serverless on AWS additionally satisfies the HIPAA Security Rule and Breach Notification Rule.
PHI eligibility
Customers subject to HIPAA may process, manage and store PHI on Elastic Cloud under a BAA with appropriate controls (encryption, RBAC, logging); HIPAA is a shared-responsibility model.
SOC 2
SOC 2 Type II
Trust center
elastic.co
Sub-processors
Notes
BAA availability spans all Elastic Cloud subscription tiers, not just enterprise.
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with Elastic Cloud before storing PHI.

Get notified when this changes

We track Elastic Cloud's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Elastic Cloud

Yes — Elastic Cloud will sign a HIPAA Business Associate Agreement (BAA).

Request routeBy request — via trust center or support
  1. 1
    Confirm your account is covered
    Elastic offers a HIPAA-compliant BAA for Elastic Cloud across all subscription tiers and all regions on AWS, Azure and GCP. Elastic Cloud Serverless on AWS additionally satisfies the HIPAA Security Rule and Breach Notification Rule.
  2. 2
    Request the Business Associate Agreement
    Elastic Cloud provides the BAA on request. Open a request through Elastic Cloud's trust center and ask for the current Business Associate Agreement covering your plan.
  3. 3
    Confirm what PHI is allowed before you store any
    Customers subject to HIPAA may process, manage and store PHI on Elastic Cloud under a BAA with appropriate controls (encryption, RBAC, logging); HIPAA is a shared-responsibility model. Match your configuration to this scope before putting protected health information into Elastic Cloud.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Elastic Cloud before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Elastic Cloud sign a HIPAA Business Associate Agreement (BAA)?
Yes — Elastic Cloud will sign a HIPAA Business Associate Agreement (BAA). Elastic offers a HIPAA-compliant BAA for Elastic Cloud across all subscription tiers and all regions on AWS, Azure and GCP. Elastic Cloud Serverless on AWS additionally satisfies the HIPAA Security Rule and Breach Notification Rule.
Is Elastic Cloud HIPAA compliant?
Elastic Cloud can be used in a HIPAA-compliant way: it signs a Business Associate Agreement (BAA), which HIPAA requires before you process PHI with a vendor. Customers subject to HIPAA may process, manage and store PHI on Elastic Cloud under a BAA with appropriate controls (encryption, RBAC, logging); HIPAA is a shared-responsibility model.
Can you store PHI (protected health information) in Elastic Cloud?
Customers subject to HIPAA may process, manage and store PHI on Elastic Cloud under a BAA with appropriate controls (encryption, RBAC, logging); HIPAA is a shared-responsibility model.
Is Elastic Cloud SOC 2 certified?
Elastic Cloud reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Elastic Cloud?
Elastic Cloud provides the BAA on request. Open a request through Elastic Cloud's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with Elastic Cloud before storing PHI.
What plan do I need to sign a BAA with Elastic Cloud?
Elastic offers a HIPAA-compliant BAA for Elastic Cloud across all subscription tiers and all regions on AWS, Azure and GCP. Elastic Cloud Serverless on AWS additionally satisfies the HIPAA Security Rule and Breach Notification Rule.

Sources

Announcing Elasticsearch Service with HIPAA compliance
https://www.elastic.co/blog/announcing-elasticsearch-service-with-hipaa-compliance
Supports: BAA offered; PHI may be processed/storeddated: 2019-11-01
Trust Center | Elastic
https://www.elastic.co/trust/security-and-compliance
Supports: BAAs across all subscription tiers and clouds; SOC 2 Type IIdated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Elastic Cloud before processing protected health information.

Check another vendor

ConfluentSigns a BAADatabricksSigns a BAAFivetranBAA on select plansSnowflakeBAA on select plansActiveCampaignBAA on select plansAcuity SchedulingBAA on select plans

See all HIPAA compliant databases & data platforms
Browse all 105 vendors by category →