Multicloud HIPAA compliance for healthcare: Dynatrace now supports AWS, Azure, and GCP

Dynatrace now supports HIPAA compliant observability for U.S. healthcare organizations across all major cloud providers - AWS, Microsoft Azure, and GCP. With Business Associate Agreements (BAAs) available and built in controls to limit Protected Health Information (PHI) exposure, healthcare teams can choose the hyperscaler that best fits their strategy.

Dynatrace extends HIPAA compliance to Google Cloud Platform

Dynatrace has long supported HIPAA-compliant deployments on Amazon Web Services (AWS) and Microsoft Azure. With the extension of HIPAA compliance to Google Cloud Platform (GCP), healthcare organizations in the United States can now standardize observability and security controls across all three major hyperscalers.

This expansion gives healthcare teams the flexibility to select the cloud platform that best supports their operational and innovation goals, while maintaining alignment with regulatory requirements. Dynatrace offers the option to enter into a BAA to support customers' HIPAA obligations when Dynatrace services are used in regulated environments.

By delivering consistent, enterprise-ready observability across AWS, Azure, and GCP, Dynatrace helps healthcare organizations modernize applications, improve system reliability, and strengthen security oversight.

HIPAA compliance: A business and trust imperative

HIPAA protects PHI and establishes safeguards for its storage, access, and monitoring. Compliance is not just a legal obligation; it is fundamental to:

• Maintaining patient trust
• Protecting sensitive data
• Avoiding costly regulatory penalties

Dynatrace solves healthcare observability challenges while keeping PHI where it belongs

Healthcare providers must balance rising patient expectations, modernization initiatives, and cost pressures, without sacrificing compliance or security. While cloud platforms often offer agility and scalability, regulatory requirements such as HIPAA can constrain technology choices.

Dynatrace HIPAA compliance is built on a shared responsibility model. Our platform is architected so that PHI does not need to flow through observability data. Customers retain responsibility for ensuring PHI and Personally Identifiable Information (PII) are masked at the source, and Dynatrace provides the tools to make that straightforward. Dynatrace offers built-in data masking and sensitive data protection features that allow teams to:

• Mask or obfuscate PHI and PII before data is ingested into the platform. The original data doesn't leave the monitored environment. Once masked, sensitive data can't be re-engineered.
• Define custom masking rules across logs, traces, and user session data.
• Reduce the risk of inadvertent PHI exposure
• Permanently delete unintended PHI ingestion with the Sensitive Data Center's cleanup workflow

Dynatrace automatically discovers and maps every application, service, process, and infrastructure component across clouds.

For healthcare organizations, this means that Dynatrace delivers:

• Real-time observability across applications, infrastructure, and security.
• Standardized compliance controls across providers.
• Audit trails, access logging, and RBAC are aligned with HIPAA security rule requirements.
• A single source of truth for AI-first developers, IT operations, security, and compliance teams, eliminating tool sprawl and data silos.

Dynatrace multicloud HIPAA compliance supports healthcare organizations' strategy to:

• Confidently evaluate GCP alongside AWS and Azure.
• Strengthen security and compliance visibility from a single platform.
• Invest in innovation, without compliance as a constraint.

Frequently asked questions

Is Dynatrace HIPAA-compliant on AWS, Azure, and GCP?

Yes. Dynatrace supports HIPAA-compliant deployments across Amazon Web Services, Microsoft Azure, and Google Cloud Platform for U.S. healthcare organizations.

Does Dynatrace ingest or process PHI?

Dynatrace operates on a privacy-by-design architecture, meaning it provides engineers with built-in tools to block PHI before it ever reaches the cloud. By default, Dynatrace does not need or use Protected Health Information (PHI) to monitor your application, but it can accidentally capture PHI if your systems leak sensitive data into logs, URLs, or payload traces. By signing a BAA with Dynatrace, your organization is assured that, if PHI is ever accidentally transmitted to Dynatrace, the data is protected under the necessary federal safeguards.

Are Business Associate Agreements available?

Yes. Dynatrace offers the option to enter into a BAA to support customers' HIPAA obligations.

Getting started

This announcement is part of a larger Dynatrace commitment to ensuring observability is not constrained by cloud provider choices.

Healthcare organizations can now deploy Dynatrace on GCP with HIPAA assurance, leveraging the same enterprise-grade observability available across AWS and Azure.

• Reach out to us to discuss how multicloud HIPAA compliance fits with your strategy.
• Visit the Dynatrace Trust Center to learn more about Dynatrace data security and privacy