Since Azure Functions hosts are dynamically added and removed based on the number of incoming events under the "Consumption Plan", what is the guarantee that Azure transparently encrypts the data in-transit as well as at-rest on the hosts? Is there any documentation that can shed some light on how Azure Functions fulfills HIPAA compliance?
2 votes

1 Answer

5 votes
Be careful not to conflate two separate things. The plan type is not relevant to compliance.
Azure Functions are covered for HIPAA apps. You can find the details here: Overview of Microsoft Azure compliance
Note, Azure itself is baseline compliant. But you yourself can create and deploy an app that breaks compliance, just like you can on-prem. Azure Functions are by nature stateless, but there's little stopping you, the developer, from persisting data in a non-compliant way.