Cerner, now part of Oracle Health, offers a wide range of cloud and enterprise software solutions, including infrastructure, databases, and applications for managing business operations, data, and analytics.
Is Cerner HIPAA compliant? Yes, based on our research, Cerner can be HIPAA compliant.
What changed this year?
As of April, our review did not identify any publicly disclosed changes to Cerner HIPAA-related policies or BAA terms.
Will Cerner sign a business associate agreement (BAA)?
Yes, Cerner will sign a business associate agreement, which can be reviewed here.
What does the Cerner BAA cover?
The Cerner BAA covers the use and disclosure of protected health information (PHI) when Cerner services are used under the agreement. The terms state:"Cerner shall not Use or Disclose PHI other than as permitted or required by the Agreement, this BAA, or as Required By Law."
Their BAA covers:
- Protection of PHI
- Limitations on use and disclosure of PHI
- Safeguards to prevent unauthorized access
- Reporting of security incidents and breaches
- Cooperation with HHS investigations
- Patient rights requests (access, amendment, and accounting of disclosures)
- Return or destruction of PHI upon termination
What does the Cerner BAA exclude?
Cerner specifies limitations in its BAA. The agreement notes that Cerner will only handle PHI as necessary to perform contracted services and is not responsible for a customer’s internal misconfigurations or misuse. The BAA states that "Cerner shall not be responsible for compliance with HIPAA or the HIPAA Rules by Customer, except as expressly provided in this BAA."
This means the customer is ultimately responsible for using Cerner services in a HIPAA compliant manner.
Conclusion
Cerner signs a BAA and is therefore HIPAA compliant.
Learn more: HIPAA Compliant Email: The Definitive Guide
FAQS
What is a business associate agreement?
A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of personal health information (PHI) as required by HIPAA regulations.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).
HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.
Who does HIPAA apply to?
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
Mara Ellis : January 25, 2026
Hoala Greevy : May 12, 2019
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
