HIPAA compliance

For those who require HIPAA compliance, what steps do you take to ensure security?

We follow the obvious steps:

  • Never include production data in any collections.
  • Store any sensitive information in environments.
  • Only use the current value in our environments (as current values don’t get synced to the cloud).
  • Disable “automatically persist variable values”.
  • Don’t save responses.

Any other safety tips?

I would add to this: don’t save responses as examples, since they will be synced:

If you are hitting a test environment, why can’t you save responses? This is to assist people learning the API… what does this have to do with HIPAA…?

Postman gets used to test in production. If you never use it in Prod it should be fine to save responses.
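
Added example, not part of the thread: a small Python audit that walks an exported collection and lists saved example responses and collection variables that carry a value, the two places the checklist above says data should not end up. It assumes the Postman Collection v2.1 export layout (`item`, `response`, `variable`); the sample collection and the name `audit_collection` are constructed for illustration.

```python
# Constructed sample in the Postman Collection v2.1 export layout (not real data).
SAMPLE = {
    "info": {"name": "Patient API (constructed)"},
    "variable": [
        {"key": "baseUrl", "value": "https://api.example.test"},
        {"key": "apiToken", "value": ""},
    ],
    "item": [
        {"name": "Patients", "item": [
            {"name": "Get patient",
             "request": {"method": "GET", "url": "{{baseUrl}}/patients/1"},
             "response": [{"name": "200 OK", "code": 200,
                           "body": "{\"name\": \"Jane Doe\"}"}]},
            {"name": "List patients",
             "request": {"method": "GET", "url": "{{baseUrl}}/patients"},
             "response": []},
        ]},
    ],
}


def audit_collection(collection):
    """Return (kind, location) findings for data stored inside the collection itself."""
    findings = []
    # Collection variables are part of the collection file, so any value set
    # here travels with the collection and should be reviewed.
    for var in collection.get("variable") or []:
        if var.get("value") not in (None, ""):
            findings.append(("collection-variable", var.get("key", "")))

    def walk(items, path):
        for entry in items:
            here = path + [entry.get("name", "<unnamed>")]
            if "item" in entry:  # folder: recurse into its children
                walk(entry["item"], here)
            for saved in entry.get("response") or []:  # saved example responses
                findings.append(("saved-response",
                                 " / ".join(here) + " -> " + saved.get("name", "<unnamed>")))

    walk(collection.get("item") or [], [])
    return findings


if __name__ == "__main__":
    # To audit a real export, load it with json.load() and pass it in place of SAMPLE.
    for kind, where in audit_collection(SAMPLE):
        print(f"{kind}: {where}")
```

An empty result means the export holds no saved responses and no populated collection variables; each finding still needs a human to decide whether the stored value is sensitive.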