We're excited to announce that Knock is now HIPAA compliant.

HIPAA, or Health Insurance Portability and Accountability Act, sets strict requirements for how your electronic protected health information (ePHI) is collected, stored, processed, or shared by a company in the United States.

With this announcement we’re also announcing a new set of controls in Knock to obfuscate customer data within the Knock dashboard, while still giving your team the ability to debug your notification system as needed. These controls can be enabled on a per-environment basis, enabling you to secure customer data in production while continuing to work the way you want in your internal-only development environments.

An environment with data obfuscation enabled in Knock

Why HIPAA compliance matters

Notifications power the modern healthcare ecosystem. From a doctor’s appointment reminder to billing updates, healthcare providers depend on secure, reliable messaging to communicate effectively with their patients. With this latest privacy update, we can offer secure and confidential notifications API to health-tech companies and healthcare providers.

Ongoing security and privacy updates

We’ve invested in the security of our service from day zero to keep user and customer data secure. We commit to continuously updating the security of our services and you can expect an ongoing effort from our team here in the future.

If you'd like to learn more about our security practices, you can do so on our security page.