Cytobank is not currently certified to store patient information that is not de-identified, and thus does not fulfill HIPAA guidelines. Typically, Cytobank users de-identify their samples and replace any personally identifiable information with unique ids (e.g. HM3223).
Cytobank is also not currently 21 CFR Part 11 compliant.