HIPPA Compliance

Is the RStudio cloud HIPPA compliant of any R Shiny apps ?

Hi @evquir! Welcome!

I'm afraid I'm having trouble understanding your question — can you explain a bit more? Are you asking whether it's possible to make a HIPAA compliant Shiny app? (I suspect the answer to that depends a lot on how the app is deployed, so any detail you can give about that would also help, I think)

I'm also not sure what the reference to "RStudio cloud" means here — are you talking about RStudio Cloud, or something else? If you mean RStudio Cloud the product, how are you imagining using it in your situation?


We have a customer who is developing an application on your platform using the RStudio Cloud.

As far as I know, it will contain sensitive data, which needs HIPPA protection.

Sorry, but I don’t have any details about the app itself, since we are not developing it, just our customer.

The users told me that their shiny app will be in the RStudio Cloud, and communicate with a DB server on premises.

So, before we open firewall rules, I just wanted to ask if the platform is secure enough for HIPPA.


rstudio.cloud is currently in development, and focused on serving educators.

In its current form (and at least for another year or more) rstudio.cloud will not be a platform on which to build a HIPPA compliant application.

But there is nothing to stop your client from using Shiny to build a HIPPA compliant application. However, your client should obviously consult with their lawyer on what is necessary to do this.

Also, for using Shinyapps.io, in the "Security and Compliance" section;

shinyapps.io is currently hosted on Amazon’s Web Services (AWS) infrastructure in the us-east-1 region. The infrastructure used is not the HIPAA-compliant stack, so if you need to be in a HIPAA-compliant environment, we recommend deploying and operating your own Shiny Server or Shiny Server Professional instance.