Wendy,
That is a fairly difficult question to answer because I think a lot of that would depend on your contract with Canvas. From my understanding HIPPA has to do more with just security of data, but also with responsibility of things if there were a data breach. And that responsibility is more of a contract thing than a technical one. I know some products we use such as Zoom, we do have a space within Zoom for items that need to be HIPPA compliant and it those session usually have extra things locked down on them. Such as perhaps not allowing cloud recordings.
Now, since I'm really just guessing with my response I want to like to an older post which has some further discussion on the issue from people who probably know more than me; at least I know @kmeeusen knows more than me.
https://community.canvaslms.com/thread/13248-hipaa-compliance-plans
Rick
