We're a medical software company currently self-hosting. We'd love to switch to Aura to minimize the amount of energy we spend on ops, but we need to be HIPAA compliant. Will Neo4j sign a Business Associate Agreement? If so, are there any additional fees associated with this?
Thanks for asking about Aura. Whereas we'd love to be able to serve you with Neo4j Aura, Neo4j Aura is not yet HIPAA-compliant. As a result, we can't sign a BAA because we don't have the compliance infrastructure in-place to ensure the HIPAA-compliance chain of trust of PHI. The technical infrastructure is in place for the security and privacy of data, but the compliance is not yet there. Unfortunately, I don't have a timeline for compliance, but you are not the first to ask.