Securing your data is important to us

Protecting patient data, while providing diverse stakeholders with broad access to the aggregated Patient Insights Network information, is our top priority. Invitae manages and operates all systems in a rigorous manner to allow compliance with HIPAA and FISMA.

  • HIPAA-compliant hosting

  • Infrastructure managed according to FISMA guidelines

  • Participant-controlled data sharing

  • Participant-controlled communication and contact

  • De-identified data sharing

Learn more about privacy and security standards:


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) affects most organizations that provide healthcare or support and/or transact business with other health-related organizations. HIPAA defines policies, procedures, and guidelines for maintaining the privacy and security of individually identifiable health information.

While the responsibility is on the client to meet HIPAA requirements, Invitae provides a HIPAA- and FISMA-compliant infrastructure, that ensures clients comply with HIPAA’s Security Rule. A combined approach, where the client provides the methodology for compliance, and Invitae provides enterprise-level managed hosting and database services, is the ideal solution to meeting compliance with a cost-effective solution.


The Federal Information Security Management Act of 2002 (FISMA) requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the content and the systems that support the operations and assets of the agency.

FISMA-compliant hosting is much more extensive than HIPAA. Under FISMA, specific operational controls are documented, security policies and procedures are developed, and an annual audit of the documented controls is performed. Invitae operates a FISMA-certified infrastructure for the National Institutes of Health (NIH)-funded programs.