Skip to main content
Notifications
You're all caught up.
View all notifications
OnlyHIPAA
← All documentation

Webhook events

Every event your endpoint can subscribe to. OnlyHIPAA POSTs a signed JSON body ({ event, timestamp, payload }) for each subscribed event; verify the X-OnlyHIPAA-Signature header (HMAC-SHA256 of the raw body with your secret). Failed deliveries retry with backoff and can be replayed from Settings → Webhooks.

Assessments

EventFires when
assessment.completed An assessment was marked complete.
assessment.archived An assessment was archived.

Findings

EventFires when
finding.status_changed A finding moved between statuses (open → resolved, etc.).
finding.risk_changed A finding's risk level changed.

Incidents

EventFires when
incident.created A security incident was created.
incident.escalated An incident was escalated.
incident.closed An incident was closed.

Policies

EventFires when
policy.published A policy was published.
policy.reviewed A policy was reviewed.

Members

EventFires when
member.invited A team member was invited.
member.removed A team member was removed.

Evidence

EventFires when
evidence.uploaded Evidence was uploaded.
evidence.deleted Evidence was deleted.

Remediation

EventFires when
remediation.completed A remediation task was completed.
OnlyHIPAA

Making HIPAA compliance accessible for every healthcare organization.

HIPAA SOC 2 NIST CSF

View our security posture →

Product

  • Frameworks
  • Sherpa AI
  • Risk Analysis
  • Compliance Operations
  • Reporting
  • Integrations & API
  • Pricing

Company

  • About Us
  • Team
  • Mission
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • BAA Template
  • Security

Resources

  • Documentation
  • HIPAA Guide
  • Blog
  • Status Page

© 2026 OnlyHIPAA, Inc. All rights reserved.

OnlyHIPAA provides tools to assist with HIPAA compliance but does not constitute legal advice. Consult qualified legal counsel for specific compliance guidance.