# Managing Healthcare Data

You can use Upstash Redis to store and process Protected Health Information (PHI). You are responsible for the following:

* **Signing a Business Associate Agreement (BAA)** with Upstash. This is provided as part of our Enterprise offering. Email [support@upstash.com](mailto:support@upstash.com) to get started.
* **Marking specific databases as HIPAA databases** and addressing security issues raised by the Upstash team.
* **Ensuring MFA is enabled** on all Upstash Console accounts.
  * Enforce MFA as a requirement to access the organization.
* **Enabling Prod Pack**, which provides encryption at rest and advanced security features (already included in the Enterprise plan).
* **Enabling Credential Protection** to prevent credentials from being stored in Upstash infrastructure and to limit console access that requires database credentials.
* **Configuring an IP allowlist** to restrict database access to authorized networks.
* **Enabling daily backups** to validate recoverability and meet retention requirements.
* **Complying with encryption requirements** in the HIPAA Security Rule. Upstash encrypts data at rest and in transit. You can also encrypt the data at your application layer.
* **Ensuring that PHI is stored only within your database**. Storing PHI in resource names or other locations is strictly prohibited.
* **Ensuring that PHI is stored only in values of data structures, not in identifiers or keys**. Avoid logging keys anywhere.
* **Not using public endpoints** to process PHI.
* **Not transferring databases** to a non-HIPAA organization.
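
One way to keep PHI out of key names and logs, as an added example that is not Upstash code: identifiers are mapped to opaque keys with a keyed HMAC, existing key names are checked for PHI-like patterns, and logs carry only a short keyed reference. The names `opaque_key`, `audit_key`, `log_ref`, `KEY_PEPPER` and `PHI_PATTERNS` are hypothetical, and the patterns and sample values are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import re

# Constructed demo secret (assumption): load the real one from a secrets manager.
KEY_PEPPER = b"constructed-demo-pepper"

# Heuristic patterns for PHI-like strings in key names (illustrative, not exhaustive).
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "date": re.compile(r"\b(19|20)\d{2}-\d{2}-\d{2}\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
}


def opaque_key(namespace: str, identifier: str, pepper: bytes = KEY_PEPPER) -> str:
    """Map an identifier (e.g. a record number) to a key that does not reveal it."""
    normalized = identifier.strip().lower().encode("utf-8")
    msg = namespace.encode("utf-8") + b"\x00" + normalized
    digest = hmac.new(pepper, msg, hashlib.sha256).hexdigest()
    return f"{namespace}:{digest[:32]}"


def audit_key(key: str) -> list[str]:
    """Return the sorted names of PHI-like patterns found in a key name."""
    return sorted(name for name, rx in PHI_PATTERNS.items() if rx.search(key))


def log_ref(key: str, pepper: bytes = KEY_PEPPER) -> str:
    """Short keyed reference for log lines, so the key itself is never logged."""
    tag = hmac.new(pepper, key.encode("utf-8"), hashlib.sha256).hexdigest()
    return "key#" + tag[:8]


if __name__ == "__main__":
    # Constructed sample identifier and key names.
    good = opaque_key("patient", "MRN-0012345")
    bad = ("patient:123-45-6789:labs", "user:jane.doe@example.com:dob:1984-03-12")
    for key in (good, *bad):
        print(log_ref(key), audit_key(key) or "clean")
```

The pattern check is a heuristic for reviewing existing key names; it does not replace generating keys from opaque identifiers in the first place.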

<Note>
  For a comprehensive guide on implementing these responsibilities in production, see our [Production Checklist](/redis/help/production-checklist). For questions about managing healthcare data, contact our support team at [support@upstash.com](mailto:support@upstash.com).
</Note>
