When we founded Datica, our goal was to leverage the experience we had building and selling health technology into a product that would help other people more easily build and scale their own technology in healthcare. We essentially wanted to productize our previous work and experience in the industry. Our focus from inception has been on taking the compliance burden off the shoulders of our customers. We’re proud that our customers are experiencing that value. That’s why we’re incredibly excited to announce that the Datica Platform is now fully HITRUST CSF Certified. You can read the official announcement here.
Datica, both our products and our company, were built from the ground up to be in compliance with the rigorous security and compliance requirements of healthcare. To that end, both our organization and our technology comply with HIPAA and HITRUST. On the organizational side, we have policies and procedures in place to secure our internal laptops, train our employees on compliance, and address all of the other administrative requirements that make up a strong information security management program. On the technical side, security, compliance, and minimizing the risk of unauthorized access of PHI is at the core of all the technical work that we do and is the foundation of the products our customers use.
Complying with HIPAA and proving it are two different things. I could tell you that we’re
HIPAA compliant. I can point you to the documentation we’ve created to show how we comply with all the various HIPAA rules. But, ultimately, because there is no true HIPAA certification, the only way to prove compliance is to go through 3rd party audits. We’ve been through two 3rd party HIPAA audits over the last 18 months. Our customers leverage those audits to prove the infrastructure they use is HIPAA compliant.
Now we have additional validation and proof in the form of our HITRUST CSF Certification. HITRUST, for those that don’t know, is an industry-driven attempt to create a prescriptive, standardized, repeatable compliance framework that all organizations in healthcare can trust. In our case, we completed a validated HITRUST assessment using a 3rd party auditor to verify our controls.
If I’m being honest, I’d tell that the process we went through to achieve HITRUST CSF Certification was incredibly painful. It was time consuming and resource intensive beyond our wildest expectations. Personally, as the Datica Privacy Officer and point person for HITRUST, I was taxed beyond anything I expected. I’ve experienced HIPAA from multiple angles - as a technical auditor, as a mobile app vendor, as a clinician, and as a compliant platform vendor - but I learned more about compliance from this HITRUST experience than anything I’ve done before.
But, that’s all the more reason to be excited about this announcement! HITRUST isn’t easy, and it shouldn’t be. The experience we’ve gained as a company and the extensive testing of our technology bring great value to our customers. I’m ecstatic because our HITRUST CSF Certification will help our customers prove their applications and data are secure. It’s more compelling proof than our HIPAA audits.
If you’re already a Datica customer, there’s nothing you need to do; the infrastructure you’re hosting on is now HITRUST CSF Certified. If you’re not a Datica customer and want to learn why this is so valuable, or you just have questions about what it takes to complete a HIPAA audit or HITRUST assessment, please don’t hesitate to reach out.