The Datica Academy

HIPAA is complicated, but easily learned. The Datica HIPAA and Interoperability Academy walks you through the intricacies of HIPAA, HL7, and FHIR—from the highest concepts to the deepest details.

Start with the basics, like why Protected Health Information (PHI) is central to HIPAA, then work your way towards advanced topics like FHIR and HL7.

Free Guides

Digital Health Success Framework eBook


This eBook is a downloadable version of our detailed, interactive Digital Health Success Framework. It's your guide to successfully launching a digital health product.

Everything you need to know about FHIR


This guide will explain at a high level the basics of FHIR. You will be prepped with a need-to-know foundation which will make you more knowledgable on the topic than 95% of healthcare.

Everything you need to know about HIPAA compliance


This guide will walk you through important definitions and concepts, building on previous learnings. You will emerge armed with a basic understanding to HIPAA's purpose and rules, your obligations, and ways to address compliance.

HIPAA Compliance at the Application Level Guide


HIPAA compliance at the application level is different than the infrastructure level. This comprehensive guide explains HIPAA considerations for digital health applications.

HITRUST explained for everyone


Datica walks you through the basics of HITRUST, how much it costs, why it's important, and why it should be on your radar in the future.

How to Integrate with Hospitals and Health Systems


This guide is designed to be an educational piece for those just getting started with healthcare integration. It outlines the typical path, the technology required, and the players involved. It also includes a free project plan in the form of a downloadable spreadsheet.

Total Cost of Ownership of Compliance in the Cloud


In this guide are tested formulas and directional advice from the compliance and cloud experts at Datica on how to measure and manage the total cost of ownership to achieve compliance in the cloud.

Total cost of Ownership of Healthcare Integrations


In this guide we explain our methodology for computing healthcare integration total cost of ownership. We make the case that modern, cloud-based technology has fundamentally changed the TCO formula. Follow along as we walk you through our personal computations.

What Health Systems Can Gain From FHIR Adoption


A guide to open data models—the fuel for transformation.

Datica Academy Articles

With ePHI access, business associates are required to sign a HIPAA business associate agreement (BAA). Learn more about business associate agreements here.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 5, 2016

Customizable HIPAA

The privacy and security aspects of HIPAA make healthcare communication different from personal communication in other verticals.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 7, 2015

HIPAA 101 A primer

The HIPAA acronym stands for the Health Insurance Portability and Accountability Act. This HIPAA primer covers HIPAA 101 basics, meaning, entitities, etc.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

October 9, 2015

HIPAA Auditing and Logging

If you're going through a HIPAA security audit by a hospital or payer compliance office, auditing and logging will show that your application is secure.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

While HIPAA Compliance at the infrastructure level is heavy on technology, HIPAA Compliance at the application level is more of a blend of technology and policy.
Kris Gösser

Kris Gösser

VP of Marketing

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

HIPAA requires that business associates and covered entities retain multiple types of data for at least six years. Learn what data you need to retain.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

A risk assessment – a HIPAA requirement – is the first thing to do since it frames many decisions you'll make regarding your security posture.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

April 14, 2016

HIPAA and Data Breaches

Understanding the HIPAA breach policy and having a breach notification checklist can prepare you in case of unauthorized disclosure of ePHI.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

March 23, 2016

HIPAA and Encryption

HIPAA encryption strategy is another factor of HIPAA compliance, whether HIPAA SSL, data at rest, Filevault2, firewall encryption, or more.
Adam Leko

Adam Leko

Chief Technology Officer

September 9, 2015

HIPAA and Multi Tenancy

What exactly is multi tenant cloud and does Datica Compliant Cloud offer a multi tenant environment?
Mohan Balachandran

Mohan Balachandran

Co-Founder

The major part of security in healthcare is HIPAA, and the HIPAA rules changed in late 2013 with the new HIPAA Omnibus that adds subcontractors entities.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 13, 2015

How do you do HIPAA training?

HIPAA Security Rule standards include training workforce members. That means all employees and contractors of a business associate or covered entity.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

March 2, 2015

Proving HIPAA Compliance

HIPAA attestation is everywhere but are they really compliant? Companies can self-attest to HIPAA compliance because there are no HIPAA certifications.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 20, 2016

The HIPAA Privacy Rule

The HIPAA Privacy Rule is important to understand because it explains the types of data, covered entities, and uses of data HIPAA is concerned about.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

February 13, 2015

The HIPAA Security Rule

The HIPAA Security Rule describes the ways in which electronic protected health information, or ePHI, needs to be protected.
Adam Leko

Adam Leko

Chief Technology Officer

Learn about HIPAA enforcement, including who is responsible for enforcing HIPAA violations and compliance, and the fines for violating HIPAA.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

The acronym PHI stands for Protected Health Information. An individual's PHI is data on health status, provision of health care, or payment for health.
Mohan Balachandran

Mohan Balachandran

Co-Founder

April 5, 2016

Why HIPAA is not PCI

This post discusses HIPAA and different types of hosted infrastructure options, answering the question of why HIPAA is not PCI.
Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

March 16, 2016

HL7 101 - A primer

HL7 is a healthcare industry standard for messaging between applications, for example from EHR to PMS. Learn HL7 basics, including HL7 v2 and v3.
Mohan Balachandran

Mohan Balachandran

Co-Founder

This deep dive explains HL7 message types, message structure, message segments, codes, fields and the complete anatomy of an HL7 message.
Mohan Balachandran

Mohan Balachandran

Co-Founder

HL7 ADT message types are the most common HL7 messages. We explain ADT message structure, segments, and event types, including HL7 ADT message examples.
Mohan Balachandran

Mohan Balachandran

Co-Founder

The HL7 acknowledgement message, HL7 ACK, is critical for smooth, ongoing HL7 communication. Learn the nuances of HL7 ACK messages, segments, and codes.
Mohan Balachandran

Mohan Balachandran

Co-Founder

The Order Entry (ORM) message is a common HL7 message type. ORM messages contain information about an order, most commonly radiology or lab orders.
Mohan Balachandran

Mohan Balachandran

Co-Founder

The HL7 SIU and HL7 SRM message types are HL7 appointment scheduling messages with date and time, resources, services, location, and more appoint info.
Mohan Balachandran

Mohan Balachandran

Co-Founder

The Medical Document Management (MDM) message is a commonly used HL7 message type that provides information about new or updated notes or documents.
Rick Wattras

Rick Wattras

Lets walk through the names, players and timelines for delivering your first HL7 Epic integration or any other EHR integration like Cerner or Allscripts.
Mark Olschesky

Mark Olschesky

Chief Data Officer

May 26, 2015

Introduction to FHIR

The FHIR acronym stands for Fast Healthcare Interoperability Resources. FHIR is a new open sourced interoperability standard of the HL7 organization.
Mohan Balachandran

Mohan Balachandran

Co-Founder

The FHIR standard is based on API routes but what should the API route look like? Learn general design principles and guidelines to build RESTful APIs.
Mohan Balachandran

Mohan Balachandran

Co-Founder

To understand FHIR, you must understand the FHIR Resource Object. This entry will help explain its origins and intent with links to help.
Mohan Balachandran

Mohan Balachandran

Co-Founder

There's confusion around the MACRA, MIPs, and APMs goals. It begs the question, Is Meaningful Use dead? Learn the MIPS APM and MACRA acronyms and more.
Casey Bryson

Casey Bryson

Chief Strategy Officer

High performance scores and ratings can be a strategic advantage over competitors. Understand MIPS, including qualifiers, scoring, and threshholds.
Mohan Balachandran

Mohan Balachandran

Co-Founder