HIPAA/HITRUST
built-inHealthcare compliance for protecting electronic health information
Access Control
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✓ |
Identity-Aware Proxy enabled
iap_enabled
|
Ensure IAP is enabled for web applications accessing protected health information | IAP configured via Cloud Load Balancing. | 2026-05-19 16:15 |
Availability
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✗ |
Cloud SQL high availability for PHI
sql_ha_enabled
|
Ensure Cloud SQL instances storing PHI are configured for high availability | Instances without HA: pioneer-demo-cl-db, pioneer-production-cl-db, pioneer-demo-wb-db, pioneer-production-wb-db, pioneer-staging-cl-db, pioneer-demo-ow-db, pioneer-staging-wb-db, pioneer-staging-ow-db | 2026-05-19 16:15 |
Encryption
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✓ |
PHI data encryption
encryption_at_rest
|
Ensure all data at rest and in transit is encrypted with CMEK for PHI workloads | Google Cloud encrypts all data at rest by default using AES-256. | 2026-05-19 16:15 |
| ✓ |
Secrets not exposed in environment
secrets_in_manager
|
Verify sensitive values are stored in Secret Manager and not in environment variables or source code | 71 secret(s) managed in Secret Manager. | 2026-05-19 16:15 |
Network
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✗ |
No public IPs on Cloud Run
cloud_run_no_public_ip
|
Verify Cloud Run services handling PHI are not exposed with public ingress | Services with public ingress: pioneer-demo-cl-web, pioneer-demo-ow-web, pioneer-demo-wb-mcp, pioneer-demo-wb-web, pioneer-production-cl-web, pioneer-production-ow-web, pioneer-production-wb-mcp, pioneer-production-wb-web, pioneer-staging-cl-web, pioneer-staging-ow-web, pioneer-staging-wb-mcp, pioneer-staging-wb-web | 2026-05-19 16:15 |