HIPAA and NHS Considerations for Icon Map

Icon Map is a secure mapping visual for Power BI, designed to support deployment in regulated healthcare environments, including organisations subject to HIPAA in the United States and NHS governance in the United Kingdom.

This page explains how Icon Map supports healthcare compliance, data protection, and secure handling of sensitive data.

For technical detail on external resources, development practices, and assurance options, see our Icon Map Pro security whitepaper (PDF).

Secure Data Architecture for Healthcare

Icon Map is built on a security-first architecture aligned with Microsoft Power BI and Microsoft 365:

• No customer data is stored or processed by Tekantis
• All data remains within the customer’s Power BI tenant
• The visual runs inside the Power BI custom visual sandbox
• No dataset contents are transmitted to external services

This architecture ensures that healthcare data, including sensitive or regulated data, remains fully controlled by the organisation.

Is Icon Map HIPAA Compliant?

HIPAA does not provide formal certification. Instead, compliance is determined by how a product is used within a healthcare organisation.

Icon Map is designed to support HIPAA-compliant deployments by ensuring that:

• No Protected Health Information (PHI) is transmitted outside the customer environment
• No geocoding or external processing of address data occurs
• Data remains entirely within Power BI and Microsoft infrastructure

No External PHI Exposure

Unlike many mapping tools, Icon Map does not send location or address data to external services.

External requests are limited to:

• Base map tiles
• Customer-configured services

These requests do not include dataset values or PHI.

Business Associate Agreement (BAA)

Icon Map is typically deployed in a way where Tekantis does not act as a Business Associate under HIPAA, because:

• Tekantis does not access customer data
• No PHI is stored or processed by the vendor

However, each organisation determines its own requirements, and Tekantis can support HIPAA risk assessments and BAA considerations where required.

Proven in a US Healthcare Environment

Icon Map has undergone a full security and compliance review with a US healthcare provider, including HIPAA-related assessment of data handling and architecture.

Following this review, the product was approved through the organisation’s internal security and procurement process.

Customer references may be available on request.

NHS Approved Power BI Mapping Visual

Icon Map has also been approved as an NHS-approved third-party application, supporting deployment within UK healthcare environments.

NHS Security and Governance Assessment

As part of the NHS approval process, Icon Map was reviewed against NHS Digital and NHS England requirements, including:

• Application security and architecture
• Data handling and processing model
• Alignment with NHS data protection standards

This confirms suitability for use within NHS organisations, subject to local governance and deployment controls.

UK GDPR and Healthcare Data Protection

Icon Map supports UK GDPR compliance through its architecture:

• No external storage or processing of healthcare data
• All data remains within the customer’s Microsoft tenant
• No transmission of dataset contents to Tekantis infrastructure

This approach supports secure handling of sensitive healthcare and operational data.

Designed for Healthcare Security and Compliance

Healthcare organisations using Power BI can deploy Icon Map within their existing governance frameworks, including:

• HIPAA risk assessments (US)
• Data Protection Impact Assessments, DPIAs (UK)
• Internal security and procurement reviews

Icon Map supports these processes by providing:

• Transparent data flow and architecture
• No external data processing
• Compatibility with tenant-level and network-level controls

Why Healthcare Organisations Choose Icon Map

• Designed for secure Power BI deployments
• No external processing of sensitive data
• Supports HIPAA-aligned architectures
• Approved for NHS environments
• Proven through real healthcare security reviews

Learn more

Read the security whitepaper for certification context, external resources, coding standards, and assurance options. You can also download the whitepaper (PDF) directly.

If you require security documentation, support for compliance reviews, or a discussion on deploying Icon Map in a healthcare environment, please get in touch.