Shows the security settings and SQL policies you must enable to run ClickHouse in a HIPAA-regulated environment.
HIPAA mandates encryption in transit and at rest, strict access control, audit logging, data retention rules, and documented procedures for backups and disaster recovery.
Create a storage policy that targets an encrypted disk or S3 bucket with server-side encryption. Reference that policy in every table holding Protected Health Information (PHI).
Add to storage_policy.xml: <disk name="enc" type="encrypted" key="${ENCRYPT_KEY}" path="/var/lib/clickhouse/encrypted/"/>
SETTINGS storage_policy='encrypted' forces the table’s parts onto the encrypted volume.
Generate a certificate, then set tcp_port_secure and openSSL options in config.xml. Require users and applications to connect on https or tcps ports only.
Create roles, grant granular privileges, then add row-level policies to hide PHI from non-privileged users. Pair roles with short-lived, unique service accounts.
-- has_role() is not a ClickHouse function; bind the policy to the role with TO instead.
CREATE ROW POLICY phi_filter ON secure_customers FOR SELECT USING 1 TO hipaa_reader;
Set query_log and part_log retention to HIPAA-approved periods. Ship logs to a WORM (write-once, read-many) store so they cannot be altered.
Use BACKUP TABLE to encrypted S3 with versioning, and set ttl_only_drop_parts=true to avoid accidental data loss.
The example below creates an encrypted table, applies a row-level filter, and grants least-privilege roles used by analytics jobs.
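An added example of the setup just described (not the original page's or the ClickHouse project's code). The column names, the analytics_job role, the analytics_filter policy, the svc_analytics_01 user, the clinic filter, the TTL period and the expiry date are assumptions, and a storage policy named 'encrypted' is assumed to exist in the server configuration.

```sql
-- Added example. Names other than secure_customers, phi_filter and
-- hipaa_reader are assumptions; dates and periods are placeholders.

-- 1. PHI table pinned to the encrypted storage policy.
CREATE TABLE secure_customers
(
    customer_id UInt64,
    clinic_id   UInt32,
    full_name   String,
    diagnosis   String,
    created_at  DateTime
)
ENGINE = MergeTree
PARTITION BY toYYYYMM(created_at)
ORDER BY (clinic_id, customer_id)          -- policy filter column leads the key
TTL created_at + INTERVAL 10 YEAR          -- placeholder retention period
SETTINGS storage_policy = 'encrypted',
         ttl_only_drop_parts = 1;          -- expire whole parts only

-- 2. Roles: full access for PHI readers, a reduced column set for jobs.
CREATE ROLE IF NOT EXISTS hipaa_reader;
CREATE ROLE IF NOT EXISTS analytics_job;
GRANT SELECT ON secure_customers TO hipaa_reader;
GRANT SELECT(customer_id, clinic_id, created_at)
    ON secure_customers TO analytics_job;

-- 3. Row policies bound to roles with TO. What a user with no matching
--    policy can read is controlled by the server setting
--    users_without_row_policies_can_read_rows; check it before relying on this.
CREATE ROW POLICY phi_filter ON secure_customers
    FOR SELECT USING 1 TO hipaa_reader;
CREATE ROW POLICY analytics_filter ON secure_customers
    FOR SELECT USING clinic_id = 42 TO analytics_job;

-- 4. One service account per job, with an expiry date (placeholder values;
--    VALID UNTIL needs a ClickHouse release that supports it).
CREATE USER IF NOT EXISTS svc_analytics_01
    IDENTIFIED WITH sha256_password BY 'REPLACE_WITH_GENERATED_SECRET'
    VALID UNTIL '2030-01-01';
GRANT analytics_job TO svc_analytics_01;

-- 5. Review what was actually granted and which filters are active.
SHOW GRANTS FOR svc_analytics_01;
SELECT name, select_filter, apply_to_list
FROM system.row_policies
WHERE table = 'secure_customers';
```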
✅ Encrypt every disk and network hop
✅ Enforce least privilege via roles
✅ Log every query
✅ Encrypt backups and test restores
✅ Document incident-response and BAA coverage
Mistake 1: Forgetting to encrypt backups → always use S3/KMS or server-side encryption.
Mistake 2: Sharing service accounts → create unique users with expiration dates.
No. ClickHouse offers the building blocks (encryption, access control, logging), but compliance depends on how you configure and operate it.
Yes. If you run ClickHouse on a cloud provider, sign a BAA with that provider and ensure any sub-processors are also covered.
Minimal. Policies are applied during query planning. Indexes remain usable as long as filters reference key columns.