The Datica Academy

HIPAA is complicated, but easily learned. The Datica HIPAA and Interoperability Academy walks you through the intricacies of HIPAA, HL7, and FHIR—from the highest concepts to the deepest details.

Start with the basics, like why Protected Health Information (PHI) is central to HIPAA, then work your way towards advanced topics like FHIR and HL7.

Datica Guides

HIPAA Guide


Everything you need to know about HIPAA compliance, packaged in a simple guide.

HITRUST Guide


Up-to-date information on the growing importance of HITRUST. Free guided walk through.

FHIR Guide


The complexity of FHIR explained. Extinguish the mystery of healthcare's latest standard.

Integration Guide


This guide explains the typical process of how to integrate with hospitals or health systems.

Total Cost of Ownership of Healthcare Integrations Guide


Understanding the costs of integration is a challenge because many initial an ongoing costs are hidden. This guide breaks down the formulas of how to measure the cost of a typical integration.

Datica Academy Articles

April 8, 2015

Business Associate Agreements

With ePHI access, business associates are required to sign a HIPAA business associate agreement (BAA). Learn more about business associate agreements here.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 5, 2016

Customizable HIPAA

The privacy and security aspects of HIPAA make healthcare communication different from personal communication in other verticals.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 7, 2015

HIPAA 101 A primer

The HIPAA acronym stands for the Health Insurance Portability and Accountability Act. This HIPAA primer covers HIPAA 101 basics, meaning, entitities, etc.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

October 9, 2015

HIPAA Auditing and Logging

If you're going through a HIPAA security audit by a hospital or payer compliance office, auditing and logging will show that your application is secure.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

September 16, 2015

HIPAA Contingency Planning + Disaster Recovery

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

July 24, 2015

HIPAA Data Retention Requirements

HIPAA requires that business associates and covered entities retain multiple types of data for at least six years. Learn what data you need to retain.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

January 12, 2016

HIPAA Risk Assessment and Management

A risk assessment – a HIPAA requirement – is the first thing to do since it frames many decisions you'll make regarding your security posture.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

April 14, 2016

HIPAA and Data Breaches

Understanding the HIPAA breach policy and having a breach notification checklist can prepare you in case of unauthorized disclosure of ePHI.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

March 23, 2016

HIPAA and Encryption

HIPAA encryption strategy is another factor of HIPAA compliance, whether HIPAA SSL, data at rest, Filevault2, firewall encryption, or more.

Adam Leko

Chief Technology Officer

September 9, 2015

HIPAA and Multi Tenancy

What exactly is multi tenant cloud and does Datica Compliant Cloud offer a multi tenant environment?

Mohan Balachandran

Co-Founder

August 21, 2015

HIPAA, Subcontractors, and BAAs

The major part of security in healthcare is HIPAA, and the HIPAA rules changed in late 2013 with the new HIPAA Omnibus that adds subcontractors entities.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 13, 2015

How do you do HIPAA training?

HIPAA Security Rule standards include training workforce members. That means all employees and contractors of a business associate or covered entity.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

March 2, 2015

Proving HIPAA Compliance

HIPAA attestation is everywhere but are they really compliant? Companies can self-attest to HIPAA compliance because there are no HIPAA certifications.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 20, 2016

The HIPAA Privacy Rule

The HIPAA Privacy Rule is important to understand because it explains the types of data, covered entities, and uses of data HIPAA is concerned about.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 13, 2015

The HIPAA Security Rule

The HIPAA Security Rule describes the ways in which electronic protected health information, or ePHI, needs to be protected.

Adam Leko

Chief Technology Officer

November 13, 2015

The Who and How of HIPAA Enforcement

Learn about HIPAA enforcement, including who is responsible for enforcing HIPAA violations and compliance, and the fines for violating HIPAA.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

April 17, 2015

What is Protected Health Information or PHI

The acronym PHI stands for Protected Health Information. An individual's PHI is data on health status, provision of health care, or payment for health.

Mohan Balachandran

Co-Founder

April 5, 2016

Why HIPAA is not PCI

This post discusses HIPAA and different types of hosted infrastructure options, answering the question of why HIPAA is not PCI.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

March 16, 2016

HL7 101 - A primer

HL7 is a healthcare industry standard for messaging between applications, for example from EHR to PMS. Learn HL7 basics, including HL7 v2 and v3.

Mohan Balachandran

Co-Founder

March 11, 2016

HL7 102 - Anatomy of an HL7 message

This deep dive explains HL7 message types, message structure, message segments, codes, fields and the complete anatomy of an HL7 message.

Mohan Balachandran

Co-Founder

February 25, 2014

HL7 201 - The Admission, Discharge, Transfer (ADT) Message

HL7 ADT message types are the most common HL7 messages. We explain ADT message structure, segments, and event types, including HL7 ADT message examples.

Mohan Balachandran

Co-Founder

March 4, 2014

HL7 202 - The HL7 ACK (Acknowledgement message)

The HL7 acknowledgement message, HL7 ACK, is critical for smooth, ongoing HL7 communication. Learn the nuances of HL7 ACK messages, segments, and codes.

Mohan Balachandran

Co-Founder

September 2, 2014

HL7 203 - The HL7 ORM (Order Entry) message

The Order Entry (ORM) message is a common HL7 message type. ORM messages contain information about an order, most commonly radiology or lab orders.

Mohan Balachandran

Co-Founder

May 4, 2016

HL7 204 - The HL7 Scheduling messages, SIU and SRM

The HL7 SIU and HL7 SRM message types are HL7 appointment scheduling messages with date and time, resources, services, location, and more appoint info.

Mohan Balachandran

Co-Founder

May 11, 2016

HL7 205 - The HL7 MDM (Medical Document Management) Message

The Medical Document Management (MDM) message is a commonly used HL7 message type that provides information about new or updated notes or documents.

Rick Wattras

April 19, 2016

How to integrate with Epic (or any EHR)

Lets walk through the names, players and timelines for delivering your first HL7 Epic integration or any other EHR integration like Cerner or Allscripts.

Mark Olschesky

Chief Data Officer

May 26, 2015

Introduction to FHIR

The FHIR acronym stands for Fast Healthcare Interoperability Resources. FHIR is a new open sourced interoperability standard of the HL7 organization.

Mohan Balachandran

Co-Founder

May 26, 2015

Recommended FHIR API Implementation Principles

The FHIR standard is based on API routes but what should the API route look like? Learn general design principles and guidelines to build RESTful APIs.

Mohan Balachandran

Co-Founder

May 26, 2015

The FHIR Resource Object: The Core Building Block

To understand FHIR, you must understand the FHIR Resource Object. This entry will help explain its origins and intent with links to help.

Mohan Balachandran

Co-Founder

May 17, 2016

MACRA and MIPS Explanation

There's confusion around the MACRA, MIPs, and APMs goals. It begs the question, Is Meaningful Use dead? Learn the MIPS APM and MACRA acronyms and more.

Casey Bryson

Chief Strategy Officer

July 10, 2016

MIPS Performance Qualifiers, Scoring, and Thresholds

High performance scores and ratings can be a strategic advantage over competitors. Understand MIPS, including qualifiers, scoring, and threshholds.

Mohan Balachandran

Co-Founder