We’ve noticed that our message is really resonating with people these days, so I wanted to share it with the community to remind everyone what MedStack is all about.
In order to make app development in healthcare as easy as in any other industry, we couldn’t just solve some of the legislated requirements; we had to solve all of them. So we tackled all three pillars of HIPAA compliance: physical safeguards, technical safeguards, and administrative safeguards.
- Physical Safeguards – These are mostly met by the major public cloud providers (i.e. Amazon Web Services (AWS) and Microsoft Azure). They ensure that the proper protocols are in place for security guards, security cameras, data centre disaster recovery and prevention, etc. AWS and Azure contractually agree to meet these requirements for all MedStack-provisioned infrastructure through a Business Associate Agreement (BAA).
- Technical Safeguards – Using our DevOps compiler and automation engine, MedStack takes the infrastructure from AWS and Azure and wraps it into our security and compliance layer that meets HIPAA’s technical requirements. This includes technology that we’ve built for things such as encryption of data both at-rest and in-transit, audit logging, backups, our active monitoring dashboard, network security, access control, port control, identity management, and much more. We then sign a BAA with our clients to ensure that we are meeting the technical requirements, including the promises that AWS and Azure have made to us around physical safeguards.
- Administrative Safeguards – These are policies and procedures that need to be implemented in the operations of a Business Associate’s (BA) organization, for example employee training, physical device password protection, breach notification procedures, and organizational access controls. Working with our privacy partners, we perform a complete gap analysis, ensure that these policies and procedures are in place, and provide HIPAA training to the BA’s employees and designated privacy officer within the organization.
We began by building the MedStack platform to meet the requirements of HIPAA in the US because these are some of the most stringent healthcare regulations globally. With a few tweaks we are able to meet and exceed the Canadian privacy legislation (PIPEDA) and the various provincial health data privacy regulations (e.g. PHIPA, PIPA, PHIA, HIPAA, etc.), as well as GDPR in the European Union.
By adopting the MedStack platform, our clients are reducing the extra time and cost that it takes to build a healthcare app from 6 months and $100k down to a couple of weeks and a simple monthly cloud hosting fee. Our intelligent DevOps compiler ensures that, as our clients grow and their infrastructure changes, all of the technical safeguards remain intact and their compliance status is up-to-date. With the new Self-Service and Compliance Manager tools that we’ll be launching later this year, this will be further simplified to almost instantaneous HIPAA compliance.
The best part is that it’s working! Our customers are building amazing digital health products, getting to market quickly, and positively impacting the lives of patients and clinicians across North America and around the world. We thrive on watching our customers continue to grow and drive innovation in healthcare, and couldn’t be more proud to be part of their success.
If you’d like to learn more or just want to share your thoughts, please send me an email at firstname.lastname@example.org. I’d love to hear from you!