The Datica Blog

Guide to Understanding HITRUST

Datica walks you through the basics of HITRUST, how much it costs, why it's important, and why it should be on your radar in the future.

HIPAA & HITRUST Self-Assessment

This lightweight self-assessment worksheet illuminates the cloud compliance requirements of HIPAA that you need to plan for in your own digital health product.

HIPAA Compliance at the Application Level

HIPAA compliance at the application level is different than the infrastructure level. This comprehensive guide explains HIPAA considerations for digital health applications.

Understanding HIPAA compliance

This guide will walk you through important definitions and concepts, building on previous learnings. You will emerge armed with a basic understanding to HIPAA's purpose and rules, your obligations, and ways to address compliance.

Understanding the Total Cost of Ownership of Cloud Compliance

In this guide are tested formulas and directional advice from the compliance and cloud experts at Datica on how to measure and manage the total cost of ownership to achieve compliance in the cloud.

What does HIPAA stand for?

What does HIPAA stand for? We break it down for you here.

HIPAA and Data Breaches

Understanding the HIPAA breach policy and having a breach notification checklist can prepare you in case of unauthorized disclosure of ePHI.

What is the HITRUST Framework?

Most don't realize HITRUST is not a framework at all, but an organization comprised of healthcare industry leaders. Let's dive into the HITRUST CSF Framework, developed by the HITRUST organization, in partner with other technology and information security leaders.

What’s an Application Developer's Responsibility for HIPAA?

To get started down that road to HIPAA compliance, application developers first need to understand the basic categories of HIPAA controls and which ones apply to them.

50 Best HIPAA-Compliant Cloud Storage Solutions

Our list of the 50 best HIPAA-compliant cloud storage solutions will help you find the best solution with the functionality and features for your business.

What is Protected Health Information (PHI)?

The acronym PHI stands for Protected Health Information. An individual's PHI is data on health status, provision of health care, or payment for health.

3 Common Misconceptions About Business Associate Agreements

HIPAA outlines the types of entities that are covered but the further down the line a subcontractor gets from a covered entity, the more confusion there is.

Top 50 Health IT Conferences to Attend in 2020

To make it easier for you to plan your conference attendance schedule for 2020, we’ve compiled our picks for the 50 must-attend health IT conferences. These events are designed to connect healthcare professionals working in a variety of unique disciplines, touching on hot-button topics for today’s healthcare organizations.

5 Steps to HITRUST CSF Certification

Complying with HIPAA and proving it are two very different things. Let us show you the 5 Steps to HITRUST CSF Certification.

Cybersecurity Conferences to Attend in 2020

Considering attending a few cybersecurity conferences this year, but not sure which would be worthwhile to attend? Well, look no further. We pulled together our list of the top 14 cybersecurity conferences that you should consider attending in 2020.

What is the Cost of HITRUST CSF Certification in 2020?

The costs for a HITRUST Certification in 2020 have gone up as the HITRUST CSF has evolved and become more complex.

How long to keep medical records under HIPAA?

Guess what? HIPAA doesn't say how long you have to keep medical records. This is a common misconception of HIPAA data retention policy.

What is HITRUST?

HITRUST certification by the HITRUST Alliance enables vendors and covered entities to prove HIPAA compliance based on a standardized framework.

How to Comply When You Receive a HIPAA Breach Notification

A HIPAA breach isn't beneficial for any parties involved, but that doesn't mean you can't prepare in advance to comply in the event a breach does happen.

What Are HITRUST Requirements?

The HITRUST CSF is a framework designed and created to streamline regulatory compliance. Companies that implement HITRUST CSF controls and strive to meet HITRUST requirements are better equipped for audits and lower their regulatory risk, but what are those requirements?

What is a HITRUST CSF Self-Assessment?

Here’s what you need to know about the HITRUST CSF Self-Assessment, how it works, and how to determine if the self-assessment option is sufficient for your organization.

Who is HITRUST CSF Certified?

The HITRUST certification is the highest Degree of Assurance a company can obtain. The HITRUST certification is increasingly required of business associates by some entities, such as health insurance providers, in order to ensure that business associates have the adequate security controls and protections in place to protect sensitive personal data.

HIPAA vs HITRUST

HITRUST and HIPAA are two critical topics in healthcare, but do you know how they differ? Let's break it down and explore additional resources to learn more.

4 Ways Big Data is Transforming Healthcare Analytics

Big data and advanced analytics are poised to drive innovation across healthcare. Here are four ways that big data is already transforming analytics, what a big data driven healthcare may look like in the future, and some of the pressing challenges facing healthcare analytics.

51 Best Healthcare IT Blogs You Should be Reading

To help you find the best, most up-to-date, insightful blogs from health IT professionals, clinicians, and leading journalists in the health IT space, we've rounded up a collection of 50 must-read blogs.

What is the cost of a HIPAA audit?

The cost of a HIPAA audit depends on audit type – HIPAA gap assessment, full HIPAA audit, or validated HITRUST assessment – and indirect costs like time.

Business Associate Agreements

With ePHI access, business associates are required to sign a HIPAA business associate agreement (BAA). Learn more about business associate agreements here.

HIPAA and Encryption

HIPAA encryption strategy is another factor of HIPAA compliance, whether HIPAA SSL, data at rest, Filevault2, firewall encryption, or more.

HIPAA Compliance at the Application Level

While HIPAA Compliance at the infrastructure level is heavy on technology, HIPAA Compliance at the application level is more of a blend of technology and policy.

HIPAA Data Retention Requirements

HIPAA requires that business associates and covered entities retain multiple types of data for at least six years. Learn what data you need to retain.

HIPAA Risk Assessment and Management

A risk assessment – a HIPAA requirement – is the first thing to do since it frames many decisions you'll make regarding your security posture.

HIPAA, Subcontractors, and BAAs

The major part of security in healthcare is HIPAA, and the HIPAA rules changed in late 2013 with the new HIPAA Omnibus that adds subcontractors entities.

Saas, Paas, IaaS; What's the Difference?

As healthcare increasingly turns to cloud infrastructure, you might want to get to know the different service delivery models — SaaS, PaaS, and IaaS.

The Importance of Business Associate Agreements (BAAs)

Simply put, a Business Associate Agreement (BAA) defines responsibility, and thus liability, with respect to the handling of PHI data.

What are the Benefits of Cloud Computing in Healthcare?

The digitization of healthcare is occurring at a blistering pace – take a second to familiarize yourself with a few key concepts. From superior data security to enabling big data applications, the benefits of cloud computing in healthcare are clear.

What Exactly is a Digital Health Application?

Are digital health apps consumer-facing, or used in a clinical setting? How are they improving patient outcomes? How are digital health apps integrated into clinicians’ workflows?

What Are the HIPAA Cloud Compliance Options for Healthcare?

As healthcare moves to the cloud, organizations are looking for low-cost ways to provision the complex IT infrastructure and HIPAA-compliant applications, storage, and networking solutions that support a variety of core organizational functions to healthcare providers.

AWS RDS Guide - How to configure RDS to comply with HIPAA and HITRUST

Amazon ElastiCache for Redis HITRUST CSF Configuration Guide

This step-by-step guide gives developers easy-to-understand instructions to configure Amazon ElastiCache for Redis instances to be HITRUST CSF ready. In the following sections we walk through the requirements, controls, and configurations for ElastiCache for Redis.

GxP and Business Associates: Does it exist like HIPAA?

GxP does not have the concept or BAAs or contracts that outline risk like HIPAA does. There is no concept of inheritance or chaining liability. Learn more here.

HIPAA Contingency Planning + Disaster Recovery

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.

How to Optimize your Compliance Posture with a Maturity Model

In this guide, we will walk you through the reasoning, structure, and ways to leverage a maturity model, such as the HITRUST maturity model, to optimize your compliance posture.

What is a Data Breach under GDPR and HIPAA?

What is the definition of a security incident and data breach under HIPAA and GDPR and how do they compare? This article breaks down the key terminology.

Credit Card Processing & HIPAA

Do I need a business associate agreement to comply with HIPAA when doing medical credit card processing for healthcare payments?

HIPAA and Multi Tenancy

What exactly is multi tenant cloud and does Datica Compliant Cloud offer a multi tenant environment?

Maturity Model Level Zero: Picking a Compliance DNA

In starting a compliance program, there is work to be done before you get to level one of the maturity model. We call this level zero.

Artifacts and Why They Matter for Compliance

With all the attention on compliance and the need for compliance artifacts, or evidence, to be successful, it’s helpful to understand more about artifacts.

HIPAA 101 A primer

The HIPAA acronym stands for the Health Insurance Portability and Accountability Act. This HIPAA primer covers HIPAA 101 basics, meaning, entitities, etc.

HIPAA Auditing and Logging

If you're going through a HIPAA security audit by a hospital or payer compliance office, auditing and logging will show that your application is secure.

Proving HIPAA Compliance

HIPAA attestation is everywhere but are they really compliant? Companies can self-attest to HIPAA compliance because there are no HIPAA certifications.

The HIPAA Privacy Rule

The HIPAA Privacy Rule is important to understand because it explains the types of data, covered entities, and uses of data HIPAA is concerned about.

SOC 2 Type II Compliance for Cloud Computing

At Datica, we are often asked about SOC 2 Type II and how it relates to HIPAA and HITRUST. This article is to help explain how a SOC 2 Type II audit compares to HIPAA compliance and other regulatory audits in the United States.

GDPR Data Breach Notification Checklist

This GDPR data breach notification checklist outlines the steps that should be orchestrated by your data protection officer to ensure GDPR compliance.

GDPR Data Breach Requirements

One of the most challenging aspects of any security and compliance program, including GDPR, is breach notification.

GDPR Fines and Penalties

GDPR compliance is an imperative starting May, 2018 for companies who work with data on EU citizens. Understand the fines and penalties in Article 83.

GDPR for Cloud Service Providers (That's You!)

Cloud Service Providers doing business in the EU are Processors under GDPR—it's kind of like being a HIPAA Covered Entity in the U.S. Read more on GDPR Service Providers.

What does it take to be a 100% HIPAA compliant cloud company?

Datica has spent extensive time and money on security and organizational policies and procedures specifically to comply with HIPAA and share with our customers.

What is GxP?

GxP stands for "Good Practice" and is a set of operational controls for Life Sciences organizations working within the confines of the FDA. Learn more about GxP compliance.

How does GDPR compare to HIPAA?

Though different in who they apply to and how you prove compliance, HIPAA and GDPR are both about having security as a core tenet of operations.

4 Challenges & Solutions for Big Data Capturing

Data capturing is becoming an increasingly automated process across all modern interactions. Specifically in healthcare, electronic health record systems are digitizing existing patient records to be used in patient care, surgical procedures, and clinical trials.

What is Backend as a Service and what does it mean in a healthcare context

We're working on taking much of the discovery and drudgery out of building a healthcare-specific backend process (BaaS) with Datica Compliant Cloud.

5 HIPAA Topics to Address With Clinicians

HIPAA regulations outline IT compliance in high-level detail but don't specify methods for true compliance — an obstacle for healthcare clinicians.

Inheritance and Ownership of Compliance Risk

The HIPAA Omnibus Rule accounted for the paradigm shift in technology development and cloud computing.