Heroku HIPAA Compliance

Question

Is it possible to run apps on Heroku that are HIPAA compliant? More specifically, I need two apps, one that stores member information and another that stores private health info

Answer 1

Amazon has a whitepaper on HIPAA compliance with AWS (just google AWS Hipaa compliance) where they talk about their HIPAA bona fides. For example, AWS sysadmins don't have direct login access to customer OS images.

To the best of my knowledge, Heroku has not shared details of how they secure their individual customer accounts.