The Datica Blog

What is the HITRUST Framework?

Most don't realize HITRUST is not a framework at all, but an organization comprised of healthcare industry leaders. Let's dive into the HITRUST CSF Framework, developed by the HITRUST organization, in partner with other technology and information security leaders.

The 12 Key Requirements for PCI Compliance

Follow these 12 simple PCI requirements to protect your customers, avoid fees, and grow your business.

AWS HIPAA Compliance: 5 Best Practices

It’s your responsibility to follow HIPAA requirements while using AWS. Use these five best practices to enjoy the convenience of AWS while staying HIPAA compliant!

What is PCI Compliance, and Why is It Important?

Learn more about what PCI compliance means and five reasons it’s beneficial for both your business and your customers.

HIPAA Compliance Audit: 5 Steps to Ensure You're Prepared

Avoid the fines, lawsuits, and PR headaches that come with data breaches and failed audits. Follow these five steps to ensure you’re prepared for your next HIPAA audit.

SOC 2 Compliance Checklist

The SOC 2 compliance process takes several months, and it’s not a process to take lightly. Follow these steps to assess your readiness, prepare for an audit, and earn your SOC 2 certification.

What is SOC 2? The Complete Guide to SOC 2 Compliance + Checklist

If you store any kind of customer data in the cloud, you need to follow the System and Organization Control 2 (SOC 2) standards. Learn how SOC 2 works and five essential best practices you should follow to stay compliant.

Guide to Understanding HITRUST

Datica walks you through the basics of HITRUST, how much it costs, why it's important, and why it should be on your radar in the future.

HIPAA & HITRUST Self-Assessment

This lightweight self-assessment worksheet illuminates the cloud compliance requirements of HIPAA that you need to plan for in your own digital health product.

HIPAA Compliance at the Application Level

HIPAA compliance at the application level is different than the infrastructure level. This comprehensive guide explains HIPAA considerations for digital health applications.

Understanding HIPAA compliance

This guide will walk you through important definitions and concepts, building on previous learnings. You will emerge armed with a basic understanding to HIPAA's purpose and rules, your obligations, and ways to address compliance.

Understanding the Total Cost of Ownership of Cloud Compliance

In this guide are tested formulas and directional advice from the compliance and cloud experts at Datica on how to measure and manage the total cost of ownership to achieve compliance in the cloud.

What does HIPAA stand for?

What does HIPAA stand for? We break it down for you here.

HIPAA and Data Breaches

Understanding the HIPAA breach policy and having a breach notification checklist can prepare you in case of unauthorized disclosure of ePHI.

What’s an Application Developer's Responsibility for HIPAA?

To get started down that road to HIPAA compliance, application developers first need to understand the basic categories of HIPAA controls and which ones apply to them.

50 Best HIPAA-Compliant Cloud Storage Solutions

Our list of the 50 best HIPAA-compliant cloud storage solutions will help you find the best solution with the functionality and features for your business.

What is Protected Health Information (PHI)?

The acronym PHI stands for Protected Health Information. An individual's PHI is data on health status, provision of health care, or payment for health.

3 Common Misconceptions About Business Associate Agreements

HIPAA outlines the types of entities that are covered but the further down the line a subcontractor gets from a covered entity, the more confusion there is.

Top 50 Health IT Conferences to Attend in 2020

To make it easier for you to plan your conference attendance schedule for 2020, we’ve compiled our picks for the 50 must-attend health IT conferences. These events are designed to connect healthcare professionals working in a variety of unique disciplines, touching on hot-button topics for today’s healthcare organizations.

5 Steps to HITRUST CSF Certification

Complying with HIPAA and proving it are two very different things. Let us show you the 5 Steps to HITRUST CSF Certification.

Cybersecurity Conferences to Attend in 2020

Considering attending a few cybersecurity conferences this year, but not sure which would be worthwhile to attend? Well, look no further. We pulled together our list of the top 14 cybersecurity conferences that you should consider attending in 2020.

What is the Cost of HITRUST CSF Certification in 2020?

The costs for a HITRUST Certification in 2020 have gone up as the HITRUST CSF has evolved and become more complex.

How long to keep medical records under HIPAA?

Guess what? HIPAA doesn't say how long you have to keep medical records. This is a common misconception of HIPAA data retention policy.

What is HITRUST?

HITRUST certification by the HITRUST Alliance enables vendors and covered entities to prove HIPAA compliance based on a standardized framework.

How to Comply When You Receive a HIPAA Breach Notification

A HIPAA breach isn't beneficial for any parties involved, but that doesn't mean you can't prepare in advance to comply in the event a breach does happen.

What Are HITRUST Requirements?

The HITRUST CSF is a framework designed and created to streamline regulatory compliance. Companies that implement HITRUST CSF controls and strive to meet HITRUST requirements are better equipped for audits and lower their regulatory risk, but what are those requirements?

What is a HITRUST CSF Self-Assessment?

Here’s what you need to know about the HITRUST CSF Self-Assessment, how it works, and how to determine if the self-assessment option is sufficient for your organization.

Who is HITRUST CSF Certified?

The HITRUST certification is the highest Degree of Assurance a company can obtain. The HITRUST certification is increasingly required of business associates by some entities, such as health insurance providers, in order to ensure that business associates have the adequate security controls and protections in place to protect sensitive personal data.

HIPAA vs HITRUST

HITRUST and HIPAA are two critical topics in healthcare, but do you know how they differ? Let's break it down and explore additional resources to learn more.

4 Ways Big Data is Transforming Healthcare Analytics

Big data and advanced analytics are poised to drive innovation across healthcare. Here are four ways that big data is already transforming analytics, what a big data driven healthcare may look like in the future, and some of the pressing challenges facing healthcare analytics.

51 Best Healthcare IT Blogs You Should be Reading

To help you find the best, most up-to-date, insightful blogs from health IT professionals, clinicians, and leading journalists in the health IT space, we've rounded up a collection of 50 must-read blogs.

What is the cost of a HIPAA audit?

The cost of a HIPAA audit depends on audit type – HIPAA gap assessment, full HIPAA audit, or validated HITRUST assessment – and indirect costs like time.

Business Associate Agreements

With ePHI access, business associates are required to sign a HIPAA business associate agreement (BAA). Learn more about business associate agreements here.

HIPAA and Encryption

HIPAA encryption strategy is another factor of HIPAA compliance, whether HIPAA SSL, data at rest, Filevault2, firewall encryption, or more.

HIPAA Compliance at the Application Level

While HIPAA Compliance at the infrastructure level is heavy on technology, HIPAA Compliance at the application level is more of a blend of technology and policy.

HIPAA Data Retention Requirements

HIPAA requires that business associates and covered entities retain multiple types of data for at least six years. Learn what data you need to retain.

HIPAA Risk Assessment and Management

A risk assessment – a HIPAA requirement – is the first thing to do since it frames many decisions you'll make regarding your security posture.

HIPAA, Subcontractors, and BAAs

The major part of security in healthcare is HIPAA, and the HIPAA rules changed in late 2013 with the new HIPAA Omnibus that adds subcontractors entities.

Saas, Paas, IaaS; What's the Difference?

As healthcare increasingly turns to cloud infrastructure, you might want to get to know the different service delivery models — SaaS, PaaS, and IaaS.

The Importance of Business Associate Agreements (BAAs)

Simply put, a Business Associate Agreement (BAA) defines responsibility, and thus liability, with respect to the handling of PHI data.

What are the Benefits of Cloud Computing in Healthcare?

The digitization of healthcare is occurring at a blistering pace – take a second to familiarize yourself with a few key concepts. From superior data security to enabling big data applications, the benefits of cloud computing in healthcare are clear.

What Exactly is a Digital Health Application?

Are digital health apps consumer-facing, or used in a clinical setting? How are they improving patient outcomes? How are digital health apps integrated into clinicians’ workflows?

What Are the HIPAA Cloud Compliance Options for Healthcare?

As healthcare moves to the cloud, organizations are looking for low-cost ways to provision the complex IT infrastructure and HIPAA-compliant applications, storage, and networking solutions that support a variety of core organizational functions to healthcare providers.

AWS RDS Guide - How to configure RDS to comply with HIPAA and HITRUST

Amazon ElastiCache for Redis HITRUST CSF Configuration Guide

This step-by-step guide gives developers easy-to-understand instructions to configure Amazon ElastiCache for Redis instances to be HITRUST CSF ready. In the following sections we walk through the requirements, controls, and configurations for ElastiCache for Redis.

Who does HIPAA protect?

Who does HIPAA protect? Find out in our quick overview.

GxP and Business Associates: Does it exist like HIPAA?

GxP does not have the concept or BAAs or contracts that outline risk like HIPAA does. There is no concept of inheritance or chaining liability. Learn more here.

HIPAA Contingency Planning + Disaster Recovery

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.

How to Optimize your Compliance Posture with a Maturity Model

In this guide, we will walk you through the reasoning, structure, and ways to leverage a maturity model, such as the HITRUST maturity model, to optimize your compliance posture.

What is a Data Breach under GDPR and HIPAA?

What is the definition of a security incident and data breach under HIPAA and GDPR and how do they compare? This article breaks down the key terminology.

Credit Card Processing & HIPAA

Do I need a business associate agreement to comply with HIPAA when doing medical credit card processing for healthcare payments?

HIPAA and Multi Tenancy

What exactly is multi tenant cloud and does Datica Compliant Cloud offer a multi tenant environment?

Maturity Model Level Zero: Picking a Compliance DNA

In starting a compliance program, there is work to be done before you get to level one of the maturity model. We call this level zero.

Artifacts and Why They Matter for Compliance

With all the attention on compliance and the need for compliance artifacts, or evidence, to be successful, it’s helpful to understand more about artifacts.

HIPAA 101 A primer

The HIPAA acronym stands for the Health Insurance Portability and Accountability Act. This HIPAA primer covers HIPAA 101 basics, meaning, entitities, etc.

HIPAA Auditing and Logging

If you're going through a HIPAA security audit by a hospital or payer compliance office, auditing and logging will show that your application is secure.

Proving HIPAA Compliance

HIPAA attestation is everywhere but are they really compliant? Companies can self-attest to HIPAA compliance because there are no HIPAA certifications.

The HIPAA Privacy Rule

The HIPAA Privacy Rule is important to understand because it explains the types of data, covered entities, and uses of data HIPAA is concerned about.

SOC 2 Type II Compliance for Cloud Computing

At Datica, we are often asked about SOC 2 Type II and how it relates to HIPAA and HITRUST. This article is to help explain how a SOC 2 Type II audit compares to HIPAA compliance and other regulatory audits in the United States.

GDPR Data Breach Notification Checklist

This GDPR data breach notification checklist outlines the steps that should be orchestrated by your data protection officer to ensure GDPR compliance.

GDPR Data Breach Requirements

One of the most challenging aspects of any security and compliance program, including GDPR, is breach notification.

GDPR Fines and Penalties

GDPR compliance is an imperative starting May, 2018 for companies who work with data on EU citizens. Understand the fines and penalties in Article 83.

GDPR for Cloud Service Providers (That's You!)

Cloud Service Providers doing business in the EU are Processors under GDPR—it's kind of like being a HIPAA Covered Entity in the U.S. Read more on GDPR Service Providers.

What does it take to be a 100% HIPAA compliant cloud company?

Datica has spent extensive time and money on security and organizational policies and procedures specifically to comply with HIPAA and share with our customers.

What is GxP?

GxP stands for "Good Practice" and is a set of operational controls for Life Sciences organizations working within the confines of the FDA. Learn more about GxP compliance.

How does GDPR compare to HIPAA?

Though different in who they apply to and how you prove compliance, HIPAA and GDPR are both about having security as a core tenet of operations.

Is HIPAA Federal or State?

Find out who enforces HIPAA and how both federal and state governments are involved.

Does HIPAA Require Encryption?

Data encryption and HIPAA is not as clear as you think – find out why.

HIPAA Do's and Don'ts

Brush up some quick Do's and Don'ts for HIPAA and remaining in compliance.

What are HIPAA Laws?

Find out why laws exist for HIPAA, a foundational piece to this compliance framework.

What are HIPAA risks?

Just like anything else, HIPPA faces potential threats that are identified as "risks" that can be further segmented – find out what they are here.

What are HIPAA violations?

There are many different cases and scenarios that could result in a HIPAA violation – take a look at some examples.

What are some examples of HIPAA violations?

HIPAA has so many regulations that there are many types of violations on top of that you must be aware of.

What does HIPAA impact?

HIPAA impacts everyday procedures within any healthcare organization, go into greater detail of what that means.

What does HIPAA training entail?

The training requirements for HIPAA are extensive and are often misunderstood, we provide a few clarifications.

What is HIPAA compliant hosting?

If you have a healthcare application, website or data storage, you must be in complete compliance, including how you are hosting it. So what is HIPAA compliant hosting and what does that mean?

What was HIPAA designed to do?

What exactly was HIPAA designed to do? We break it down in this quick overview.

Who does HIPAA apply to?

The HIPAA rules are mandatory for all covered entities and business associates but what does that mean?

4 Challenges & Solutions for Big Data Capturing

Data capturing is becoming an increasingly automated process across all modern interactions. Specifically in healthcare, electronic health record systems are digitizing existing patient records to be used in patient care, surgical procedures, and clinical trials.

What is Backend as a Service and what does it mean in a healthcare context

We're working on taking much of the discovery and drudgery out of building a healthcare-specific backend process (BaaS) with Datica Compliant Cloud.

5 HIPAA Topics to Address With Clinicians

HIPAA regulations outline IT compliance in high-level detail but don't specify methods for true compliance — an obstacle for healthcare clinicians.

Inheritance and Ownership of Compliance Risk

The HIPAA Omnibus Rule accounted for the paradigm shift in technology development and cloud computing.

Why is HIPAA Important?

There are a few reasons HIPAA is important – get in the know with our overview.

When did HIPAA go into effect?

Get a better understanding of the origination of HIPAA.

Who regulates HIPAA?

HIPAA has specifications that ensure the confidentiality and privacy of protected health information that the HHS’ Office for Civil Rights is responsible for enforcing.