Compliance for the Datica Platform

Compliance matters because it establishes credibility of your product within the industry. Without it, you'll never get a foot in the door.

Satisfying compliance without sacrificing the benefits of the cloud is how you get to market faster while reducing costs.


Compliance Facts


Total number of independent audits Datica has passed, including HIPAA and SOC 2.


Total number of HITRUST CSF Certifications Datica has received, two full and one interim since 2015.


Total number of security and risk assessments we have assisted our customers pass.

HITRUST Alliance
HIPAA logo
Dept. of Health and Human Services logo
AICPA logo

Datica is HITRUST CSF Certified.

Customers benefit from serious credibility and accelerated audits with customers like hospitals, payers, and pharma.


The HITRUST Common Security Framework (CSF) has become the preferred way to prove compliance in healthcare. HIPAA is the regulation from the U.S. government, while HITRUST is an industry-led initiative to provide a prescriptive framing of what it means to be 'HIPAA Compliant'.

The value of HITRUST within healthcare is that organizations can now finally skip past the he-said-she-said lawyering of audits. Now when a HITRUST certification is presented, organizations accept it immediately and move onto the next stage of the business relationship, saving you time and money.

Get the case study

Leading the discussion about compliance


Sitting member of the B.A. Council

The HITRUST Alliance established the Business Associate Counsel for businesses to collaborate on what the future of HIPAA compliance and HITRUST means for them and the industry. Datica has a leading voice in the discussion, while serving with companies like Epic, Dropbox, and Salesforce.

Read more about the council


Nationally Recognized Speakers

HIMSS SXSW AHIMA AHIP Health 2.0 IBM Cloud Innovation Tour Digital Health Summit Stanford MedX

Open sourced company policies give healthcare organizations a headstart

What people are saying about Datica’s Open Source Policies

"We believe that for Datica to open source these documents is truly ground breaking in healthcare IT.

In the past we’ve spent an enormous amount of funds creating & updating our policies. We have yearly evaluations of our policies in October and this past October (2014) we were able to update and implement a number of improvements to our existing policies all based off the information we gathered from Datica's policies. This cost us zero dollars in comparison to our expensive updating of policies in prior years.

This is definitely the first time we have seen policies open sourced and we applaud the use of tools like GitHub to manage version control of all policies.

I think this could be revolutionary in helping the industry as a whole collaborate to improve privacy and security practices by gathering information from the highest level security/privacy experts in the field and making it available via similar open source methods.”

Katelyn Gleason

Katelyn Gleason

CEO & Cofounder, Eligible Inc.

We’re dedicated to making the industry better

In 2014 Datica open sourced our company policies under a a CC BY-SA 4.0 license. Since then the response has been overwhelmingly positive—we have had more activity on GitHub than governmental institutions like the FDA. Along the way we’ve helped hundreds of businesses get started by eliminating this portion of HIPAA compliance as a burden.

Our policies have been written with modern, cloud-based technology vendors in mind. We looked far and wide for policy examples that fit our company, and couldn’t find any. So we wrote our own. Importantly, these policies have been through multiple external audits—two HIPAA audits and one HITRUST audit.

Do you handle PHI and not yet have your own company policies in place? Then you’ll find our content useful.

Policies Overview