Okta Health Insurance Portability and Accountability Act

Last updated: October 2024

Okta cell architecture

Okta created Identity-as-a-Service (IDaaS) and from the start has firmly believed in building a best-in-class enterprise-grade service. Infrastructure investments have been a priority at Okta from the beginning.

Today, Okta continues to invest in one of the most resilient, secure and “Always On” cloud architectures in the world. The Okta architecture uses a concept we call a “cell” as the largest unit of scale in the service. Each Okta “cell” encapsulates a full multi-tenant cloud service with extremely high availability. For more details on the architecture, see these papers:

An Insider Look: How Okta Builds and Runs Scalable Infrastructure

Scaling Okta to 50 Billion Users

HIPAA scoping

The most difficult component of operating in a regulated environment is the definition of the scope boundaries. Organizations want to ensure that only required systems are included in any regulatory audit, as the expansion of scope incurs additional setup, maintenance, and cost. This drives the selection of an Identity vendor that can operate as a Business Associate to the customer.

HIPAA scoping also includes determining if the data being protected by your Information System is classified as Protected Health Information (PHI). PHI can be defined as information that “relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of