The Datica Academy

HIPAA is complicated, but easily learned. The Datica HIPAA and Interoperability Academy walks you through the intricacies of HIPAA, HL7, and FHIR—from the highest concepts to the deepest details.

Start with the basics, like why Protected Health Information (PHI) is central to HIPAA, then work your way towards advanced topics like FHIR and HL7.

Datica Guides

Authoritative Guides Written By Industry Experts

This eBook is a downloadable version of our detailed, interactive Digital Health Success Framework. It’s your guide to successfully launching a digital health product.

This guide will walk you through important definitions and concepts, building on previous learnings. You will emerge armed with a basic understanding of HIPAA’s purpose and rules, your obligations, and ways to address compliance.

This guide to GDPR for the healthcare industry will prepare you to do business in the EU and understand how to handle PHI of EU citizens. With Datica, you’ll be ready when GDPR takes effect on May 25, 2018.

This lightweight self-assessment worksheet illuminates the cloud requirements of HIPAA that you need to plan for in your own digital health product.

HIPAA compliance at the application level is different than the infrastructure level. This comprehensive guide explains HIPAA considerations for digital health applications.

Datica walks you through the basics of HITRUST, how much it costs, why it’s important, and why it should be on your radar in the future.

This guide is designed to be an educational piece for those just getting started with healthcare integration. It outlines the typical path, the technology required, and the players involved. It also includes a free project plan in the form of a downloadable spreadsheet.

In this guide are tested formulas and directional advice from the compliance and cloud experts at Datica on how to measure and manage the total cost of ownership to achieve compliance in the cloud.

In this guide we explain our methodology for computing healthcare integration total cost of ownership. We make the case that modern, cloud-based technology has fundamentally changed the TCO formula. Follow along as we walk you through our personal computations.

Datica Academy Articles

This guide is intended to give developers an easy-to-understand, step-by-step runbook for configuring their AWS RDS instance to be HITRUST CSF ready. In the following sections we’ll walk through the requirements, controls, and configurations for RDS.

Ryan Rich

Chief Product Officer

October 24, 2018

With all the attention on compliance and the need for compliance artifacts, or evidence, to be successful, it’s helpful to understand more about artifacts.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: Cloud Computing, Compliance

This guide is intended to give developers a simple way to configure their Cosmos DB service to be HITRUST CSF ready. In this guide we’ll walk through the requirements, controls, and configurations for Azure Cosmos DB.

Ryan Rich

Chief Product Officer

April 10, 2018

With ePHI access, business associates are required to sign a HIPAA business associate agreement (BAA). Learn more about business associate agreements here.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
February 22, 2018

The privacy and security aspects of HIPAA make healthcare communication different from personal communication in other verticals.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
January 10, 2018

This GDPR data breach notification checklist outlines the steps that should be orchestrated by your data protection officer to ensure GDPR compliance.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: GDPR
January 9, 2018

One of the most challenging aspects of any security and compliance program, including GDPR, is breach notification.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: GDPR
January 18, 2018

GDPR compliance is an imperative starting May, 2018 for companies who work with data on EU citizens. Understand the fines and penalties in Article 83.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: GDPR, Compliance

Cloud Service Providers doing business in the EU are Processors under GDPR—it’s kind of like being a HIPAA Covered Entity in the U.S. Read more on GDPR Service Providers.

Kris Gösser

Chief Marketing Officer

Tags: GDPR

This guide helps developers configure their Google Cloud SQL instance to be HITRUST CSF ready. It covers requirements, controls, and configurations for GCP Cloud SQL.

Ryan Rich

Chief Product Officer

GxP does not have the concept of BAAs or contracts that outline risk like HIPAA does. There is no concept of inheritance or chaining liability. Learn more here.

Kris Gösser

Chief Marketing Officer

Tags: GxP
March 21, 2018

The HIPAA acronym stands for the Health Insurance Portability and Accountability Act. This HIPAA primer covers HIPAA 101 basics, meaning, entities, etc.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
June 28, 2018

If you’re going through a HIPAA security audit by a hospital or payer compliance office, auditing and logging will show that your application is secure.

Ryan Rich

Chief Product Officer

Tags: HIPAA

While HIPAA Compliance at the infrastructure level is heavy on technology, HIPAA Compliance at the application level is more of a blend of technology and policy.

Kris Gösser

Chief Marketing Officer

Tags: HIPAA, Healthcare Cloud

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
July 23, 2018

HIPAA requires that business associates and covered entities retain multiple types of data for at least six years. Learn what data you need to retain.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
January 12, 2016

A risk assessment – a HIPAA requirement – is the first thing to do since it frames many decisions you’ll make regarding your security posture.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
April 11, 2018

Understanding the HIPAA breach policy and having a breach notification checklist can prepare you in case of unauthorized disclosure of ePHI.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
August 30, 2018

HIPAA encryption strategy is another factor of HIPAA compliance, whether HIPAA SSL, data at rest, Filevault2, firewall encryption, or more.

Ryan Rich

Chief Product Officer

Tags: HIPAA
January 12, 2018

What exactly is multi tenant cloud and does Datica Compliant Cloud offer a multi tenant environment?

Ryan Rich

Chief Product Officer

Tags: HIPAA
August 16, 2018

The major part of security in healthcare is HIPAA, and the HIPAA rules changed in late 2013 with the new HIPAA Omnibus that adds subcontractor entities.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
March 27, 2018

HL7 is a healthcare industry standard for messaging between applications, for example from EHR to PMS. Learn HL7 basics, including HL7 v2 and v3.

Mark Olschesky

Chief Data Officer

Tags: HL7
March 14, 2018

This deep dive explains HL7 message types, message structure, message segments, codes, fields and the complete anatomy of an HL7 message.

Mark Olschesky

Chief Data Officer

Tags: HL7

HL7 ADT message types are the most common HL7 messages. We explain ADT message structure, segments, and event types, including HL7 ADT message examples.

Mark Olschesky

Chief Data Officer

Tags: HL7

The HL7 acknowledgement message, HL7 ACK, is critical for smooth, ongoing HL7 communication. Learn the nuances of HL7 ACK messages, segments, and codes.

Mark Olschesky

Chief Data Officer

Tags: HL7
September 3, 2018

The Order Entry (ORM) message is a common HL7 message type. ORM messages contain information about an order, most commonly radiology or lab orders.

Mark Olschesky

Chief Data Officer

Tags: HL7

The HL7 SIU and HL7 SRM message types are HL7 appointment scheduling messages with date and time, resources, services, location, and more appointment info.

Mark Olschesky

Chief Data Officer

Tags: HL7

The Medical Document Management (MDM) message is a commonly used HL7 message type that provides information about new or updated notes or documents.

Rick Wattras

Healthcare Integration Engineer Team Lead

Tags: HL7
February 9, 2018

HIPAA Security Rule standards include training workforce members. That means all employees and contractors of a business associate or covered entity.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA

In this guide, we will walk you through the reasoning, structure, and ways to leverage a maturity model, such as the HITRUST maturity model, to optimize your compliance posture.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HITRUST
April 4, 2018

Let's walk through the names, players and timelines for delivering your first HL7 Epic integration or any other EHR integration like Cerner or Allscripts.

Mark Olschesky

Chief Data Officer

Tags: HL7, EHR
August 10, 2018

RESTful APIs are the backbone of many web services today. Having the tools to integrate a not-natively-RESTful interface engine with this common standard opens a lot of possibilities. In the healthcare space, queuing the HL7 properly is critical. In this article, we explore ways to do this properly.

Mark Olschesky

Chief Data Officer

Tags: HL7, Mirth
May 16, 2018

The FHIR acronym stands for Fast Healthcare Interoperability Resources. FHIR is a new open sourced interoperability standard of the HL7 organization.

Mark Olschesky

Chief Data Officer

Tags: FHIR
May 23, 2018

There’s confusion around the MACRA, MIPS, and APMs goals. It begs the question, Is Meaningful Use dead? Learn the MIPS APM and MACRA acronyms and more.

Kris Gösser

Chief Marketing Officer

Tags: Company

High performance scores and ratings can be a strategic advantage over competitors. Understand MIPS, including qualifiers, scoring, and thresholds.

Kris Gösser

Chief Marketing Officer

Tags: Company

In starting a compliance program, there is work to be done before you get to level one of the maturity model. We call this level zero.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: Compliance, HITRUST
April 19, 2018

HIPAA attestation is everywhere but are they really compliant? Companies can self-attest to HIPAA compliance because there are no HIPAA certifications.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA

The FHIR standard is based on API routes but what should the API route look like? Learn general design principles and guidelines to build RESTful APIs.

Mark Olschesky

Chief Data Officer

Tags: FHIR
September 5, 2018

At Datica, we are often asked about SOC 2 Type II and how it relates to HIPAA and HITRUST. This article is to help explain how a SOC 2 Type II audit compares to HIPAA compliance and other regulatory audits in the United States.

Matt Taylor

Marketing Manager

Tags: Compliance, HITRUST, Cloud Computing
October 31, 2018

Getting started with compliance on the cloud is easiest if you have a stepwise approach like the 5-level maturity model outlined in this post.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: Compliance, HITRUST

To understand FHIR, you must understand the FHIR Resource Object. This entry will help explain its origins and intent with links to help.

Mark Olschesky

Chief Data Officer

Tags: FHIR
February 6, 2018

The HIPAA Privacy Rule is important to understand because it explains the types of data, covered entities, and uses of data HIPAA is concerned about.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
February 5, 2018

The HIPAA Security Rule describes the ways in which electronic protected health information, or ePHI, needs to be protected.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
July 20, 2017

Learn about HIPAA enforcement, including who is responsible for enforcing HIPAA violations and compliance, and the fines for violating HIPAA.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
February 8, 2018

GxP stands for “Good Practice” and is a set of operational controls for Life Sciences organizations working within the confines of the FDA. Learn more about GxP compliance.

Kris Gösser

Chief Marketing Officer

Tags: GxP
May 10, 2018

HITRUST certification by the HITRUST Alliance enables vendors and covered entities to prove HIPAA compliance based on a standardized framework.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HITRUST

The acronym PHI stands for Protected Health Information. An individual’s PHI is data on health status, provision of health care, or payment for health.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA
January 9, 2018

What is the definition of a security incident and data breach under HIPAA and GDPR and how do they compare? This article breaks down the key terminology.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: GDPR
April 16, 2018

This post discusses HIPAA and different types of hosted infrastructure options, answering the question of why HIPAA is not PCI.

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

Tags: HIPAA

Recently at Datica

Datica Blog

The Datica book, "Complete Cloud Compliance", is now available!

Kris Gösser

Chief Marketing Officer

If you are interested in making healthcare better by enabling the industry’s triple aim (lower costs, better outcomes, better experience), then this book is for you.

December 4, 2018

Help your startup navigate regulation.

The Digital Health Success Framework is a simple guide for the makers of digital healthcare products.

Explore the framework