iconbook-academy

The Datica Academy

HIPAA is complicated, but easily learned. The Datica HIPAA and Interoperability Academy walks you through the intricacies of HIPAA, HL7, and FHIR—from the highest concepts to the deepest details.

Start with the basics, like why Protected Health Information (PHI) is central to HIPAA, then work your way towards advanced topics like FHIR and HL7.

Datica Guides

Authoritative Guides Written By Industry Experts

This eBook is a downloadable version of our detailed, interactive Digital Health Success Framework. It’s your guide to successfully launching a digital health product.

This guide will walk you through important definitions and concepts, building on previous learnings. You will emerge armed with a basic understanding to HIPAA’s purpose and rules, your obligations, and ways to address compliance.

This guide to GDPR for the healthcare industry will prepare you to do business in the EU and understand how to handle PHI of EU citizens. With Datica, you’ll be ready when GDPR takes effect on May 25, 2018.

HIPAA compliance at the application level is different than the infrastructure level. This comprehensive guide explains HIPAA considerations for digital health applications.

Datica walks you through the basics of HITRUST, how much it costs, why it’s important, and why it should be on your radar in the future.

This guide is designed to be an educational piece for those just getting started with healthcare integration. It outlines the typical path, the technology required, and the players involved. It also includes a free project plan in the form of a downloadable spreadsheet.

In this guide are tested formulas and directional advice from the compliance and cloud experts at Datica on how to measure and manage the total cost of ownership to achieve compliance in the cloud.

In this guide we explain our methodology for computing healthcare integration total cost of ownership. We make the case that modern, cloud-based technology has fundamentally changed the TCO formula. Follow along as we walk you through our personal computations.

Datica Academy Articles

Search the Academy

event-note April 8, 2015

With ePHI access, business associates are required to sign a HIPAA business associate agreement (BAA). Learn more about business associate agreements here.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note February 5, 2016

The privacy and security aspects of HIPAA make healthcare communication different from personal communication in other verticals.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note January 10, 2018

This GDPR data breach notification checklist outlines the steps that should be orchestrated by your data protection officer to ensure GDPR compliance.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag GDPR
event-note January 9, 2018

One of the most challenging aspects of any security and compliance program, including GDPR, is breach notification.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag GDPR
event-note January 18, 2018

GDPR compliance is an imperative starting May, 2018 for companies who work with data on EU citizens. Understand the fines and penalties in Article 83.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag GDPR tag Compliance

Cloud Service Providers doing business in the EU are Processors under GDPR—it’s kind of like being a HIPAA Covered Entity in the U.S. Read more on GDPR Service Providers.

Kris Gösser

Kris Gösser

Chief Marketing Officer

tag GDPR

GxP does not have the concept or BAAs or contracts that outline risk like HIPAA does. There is no concept of inheritance or chaining liability. Learn more here.

Kris Gösser

Kris Gösser

Chief Marketing Officer

tag GxP
event-note February 7, 2015

The HIPAA acronym stands for the Health Insurance Portability and Accountability Act. This HIPAA primer covers HIPAA 101 basics, meaning, entitities, etc.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note October 9, 2015

If you’re going through a HIPAA security audit by a hospital or payer compliance office, auditing and logging will show that your application is secure.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA

While HIPAA Compliance at the infrastructure level is heavy on technology, HIPAA Compliance at the application level is more of a blend of technology and policy.

Kris Gösser

Kris Gösser

Chief Marketing Officer

tag HIPAA tag Healthcare Cloud
event-note September 16, 2015

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note July 24, 2015

HIPAA requires that business associates and covered entities retain multiple types of data for at least six years. Learn what data you need to retain.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note January 12, 2016

A risk assessment – a HIPAA requirement – is the first thing to do since it frames many decisions you’ll make regarding your security posture.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note April 14, 2016

Understanding the HIPAA breach policy and having a breach notification checklist can prepare you in case of unauthorized disclosure of ePHI.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note March 23, 2016

HIPAA encryption strategy is another factor of HIPAA compliance, whether HIPAA SSL, data at rest, Filevault2, firewall encryption, or more.

Adam Leko

Adam Leko

Datica Alumni — Former Chief Technology Officer

tag HIPAA
event-note September 9, 2015

What exactly is multi tenant cloud and does Datica Compliant Cloud offer a multi tenant environment?

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag HIPAA
event-note August 21, 2015

The major part of security in healthcare is HIPAA, and the HIPAA rules changed in late 2013 with the new HIPAA Omnibus that adds subcontractors entities.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note March 16, 2016

HL7 is a healthcare industry standard for messaging between applications, for example from EHR to PMS. Learn HL7 basics, including HL7 v2 and v3.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag HL7
event-note March 11, 2016

This deep dive explains HL7 message types, message structure, message segments, codes, fields and the complete anatomy of an HL7 message.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag HL7

HL7 ADT message types are the most common HL7 messages. We explain ADT message structure, segments, and event types, including HL7 ADT message examples.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag HL7

The HL7 acknowledgement message, HL7 ACK, is critical for smooth, ongoing HL7 communication. Learn the nuances of HL7 ACK messages, segments, and codes.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag HL7
event-note September 2, 2014

The Order Entry (ORM) message is a common HL7 message type. ORM messages contain information about an order, most commonly radiology or lab orders.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag HL7

The HL7 SIU and HL7 SRM message types are HL7 appointment scheduling messages with date and time, resources, services, location, and more appoint info.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag HL7

The Medical Document Management (MDM) message is a commonly used HL7 message type that provides information about new or updated notes or documents.

Rick Wattras

Rick Wattras

Healthcare Integration Engineer Team Lead

tag HL7
event-note February 13, 2015

HIPAA Security Rule standards include training workforce members. That means all employees and contractors of a business associate or covered entity.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note April 19, 2016

Lets walk through the names, players and timelines for delivering your first HL7 Epic integration or any other EHR integration like Cerner or Allscripts.

Mark Olschesky

Mark Olschesky

Chief Data Officer

tag HL7 tag EHR
event-note October 31, 2017

RESTful APIs are the backbone of many webservices today. Having the tools to integrate an not-natively-RESTful interface engine with this common standard opens a lot of possibilities. In the healthcare space, queuing the HL7 properly is critical. In this article, we explore ways to do this properly.

Eric Richards

Eric Richards

Datica Alumni — Former Healthcare Integration Engineer

tag HL7 tag Mirth
event-note May 26, 2015

The FHIR acronym stands for Fast Healthcare Interoperability Resources. FHIR is a new open sourced interoperability standard of the HL7 organization.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag FHIR
event-note May 17, 2016

There’s confusion around the MACRA, MIPs, and APMs goals. It begs the question, Is Meaningful Use dead? Learn the MIPS APM and MACRA acronyms and more.

Casey Bryson

Casey Bryson

Datica Alumni — Former Chief Strategy Officer

tag Company

High performance scores and ratings can be a strategic advantage over competitors. Understand MIPS, including qualifiers, scoring, and threshholds.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag Company
event-note March 2, 2015

HIPAA attestation is everywhere but are they really compliant? Companies can self-attest to HIPAA compliance because there are no HIPAA certifications.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA

The FHIR standard is based on API routes but what should the API route look like? Learn general design principles and guidelines to build RESTful APIs.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag FHIR

To understand FHIR, you must understand the FHIR Resource Object. This entry will help explain its origins and intent with links to help.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag FHIR
event-note February 20, 2016

The HIPAA Privacy Rule is important to understand because it explains the types of data, covered entities, and uses of data HIPAA is concerned about.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note February 13, 2015

The HIPAA Security Rule describes the ways in which electronic protected health information, or ePHI, needs to be protected.

Adam Leko

Adam Leko

Datica Alumni — Former Chief Technology Officer

tag HIPAA
event-note November 13, 2015

Learn about HIPAA enforcement, including who is responsible for enforcing HIPAA violations and compliance, and the fines for violating HIPAA.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA
event-note February 8, 2018

GxP stands for “Good Practice” and is a set of operational controls for Life Sciences organizations working within the confines of the FDA. Learn more about GxP compliance.

Kris Gösser

Kris Gösser

Chief Marketing Officer

tag GxP
event-note April 22, 2016

HITRUST certification by the HITRUST Alliance enables vendors and covered entities to prove HIPAA compliance based on a standardized framework.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HITRUST

The acronym PHI stands for Protected Health Information. An individual’s PHI is data on health status, provision of health care, or payment for health.

Mohan Balachandran

Mohan Balachandran

Datica Alumni — Former Co-Founder

tag HIPAA
event-note January 9, 2018

What is the definition of a security incident and data breach under HIPAA and GDPR and how do they compare? This article breaks down the key terminology.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag GDPR
event-note April 5, 2016

This post discusses HIPAA and different types of hosted infrastructure options, answering the question of why HIPAA is not PCI.

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

tag HIPAA

Recently at Datica

Datica Blog

Learn what it takes to be compliant on the cloud with our free self assessment

Kris Gösser

Chief Marketing Officer

The biggest barrier to a successful cloud compliance program is simply the complexity of understanding everything. This new compliance self-assessment worksheet will help.

event-note July 12, 2018
Special Report: 2018 CIO Cloud Perspectives

Healthcare Cloud Take-off: Waiting for the Fog to Clear

preview