Cloud Lock

Back to Governance

HIPAA/HITRUST

built-in

Healthcare compliance for protecting electronic health information

60% 3/5 checks passing

Access Control

Status	Check	Description	Evidence	Last Evaluated
✓	Identity-Aware Proxy enabled iap_enabled	Ensure IAP is enabled for web applications accessing protected health information	IAP configured via Cloud Load Balancing.	2026-05-19 15:45

Availability

Status	Check	Description	Evidence	Last Evaluated
✗	Cloud SQL high availability for PHI sql_ha_enabled	Ensure Cloud SQL instances storing PHI are configured for high availability	Instances without HA: pioneer-prod-cl-db, pioneer-demo-cl-db, pioneer-production-cl-db, pioneer-demo-wb-db, pioneer-production-wb-db, pioneer-staging-cl-db, pioneer-demo-ow-db, pioneer-staging-wb-db, pioneer-staging-ow-db, pioneer-production-cl-db, pioneer-staging-cl-db, pioneer-staging-cl-db, pioneer-production-cl-db	2026-05-19 15:45

Encryption

Status	Check	Description	Evidence	Last Evaluated
✓	PHI data encryption encryption_at_rest	Ensure all data at rest and in transit is encrypted with CMEK for PHI workloads	Google Cloud encrypts all data at rest by default using AES-256.	2026-05-19 15:45
✓	Secrets not exposed in environment secrets_in_manager	Verify sensitive values are stored in Secret Manager and not in environment variables or source code	130 secret(s) managed in Secret Manager.	2026-05-19 15:45

Network

Status	Check	Description	Evidence	Last Evaluated
✗	No public IPs on Cloud Run cloud_run_no_public_ip	Verify Cloud Run services handling PHI are not exposed with public ingress	Services with public ingress: pioneer-demo-ow-web, pioneer-demo-wb-web, pioneer-production-wb-mcp, pioneer-production-wb-web, pioneer-prod-ow-web, pioneer-staging-wb-mcp, pioneer-staging-wb-web, pioneer-prod-cl-web, pioneer-demo-wb-mcp, pioneer-staging-ow-web, pioneer-demo-cl-web, pioneer-production-cl-web, pioneer-production-ow-web, pioneer-staging-cl-web	2026-05-19 15:45