MedStack Introduces Self-Service Active Compliance System for Healthcare App Companies Bringing Infrastructure Security, Privacy Training and Administrative Policies for HIPAA and GDPR Together Into an Integrated Platform


MedStack Active Compliance System

Today, at HLTH, MedStack announced our new Active Compliance System, which completely rethinks the way healthcare data privacy and security compliance is measured and assessed across legislation and frameworks. Built via an expanded partnership with expert digital privacy services company Privacy Horizon and leveraging MedStack’s proven active compliance monitoring technology, the system acts as a “virtual privacy officer”, facilitating self-assessment of the business and technology offerings of any digital health startup.

The challenge in bringing digital healthcare to market

Today’s privacy and security compliance assessment processes are fraught with drawbacks and inefficiencies, such as the need for manual verification of paper-based assessments, which offer no promise or indication of how health data will be protected on an ongoing basis. Developers and innovators are burdened with a large resource investment to work with different privacy and security legislation and frameworks, and with each hospital’s own auditing process, in order to best position themselves and integrate their solutions with providers and payers. In addition, the lack of cohesion between technical implementations and legislative requirements means more work and less faith during the auditing process, and fewer apps in the ecosystem.

How the MedStack Active Compliance System reinvents innovation onboarding

The MedStack Active Compliance System modernizes these efforts by accelerating and simplifying the compliance assessment process, without compromising the checks and protections required.

  • Technical Safeguards compliance check – Infrastructure-level safeguards may be measured against specific line items in the requirements of HITECH, GDPR, PIPEDA, ISO 27001 and NIST at once with an intuitive health meter for each
  • Auto-generation of privacy policies – Policies to govern a company’s technical operations specifically referring to these frameworks may be generated from the system; the policies are written to be machine-readable and auditable
  • Easy access to employee training – Administrative compliance efforts are supplemented via an admin interface for online training, including notifications of new available modules and alerts for privacy training necessity and completion

With the MedStack Active Compliance System, healthcare app innovators can take advantage of the system’s AI-powered engine to tie in technical and administrative practices to auditable policies during healthcare enterprise onboarding evaluations.

Bringing technical and administrative compliance together

Balaji Gopalan, MedStack’s Co-Founder and CEO, said “Our mission from the get-go has been to remove friction in the digital health innovation adoption process, and help the healthcare provider industry leverage technologies to deliver better, faster, smarter care at higher capacity. The first thing we’ve done is create an industry-standard framework for helping healthcare startups be better prepared for the IT diligence processes they’ll face. We’re excited to take the next step in working with Privacy Horizon to amalgamate technical and administrative compliance into one assessment and making it machine-driven and automated, truly creating a level playing field for a wider community of innovators.”

Patrick Lo, Privacy Horizon’s CEO, said “The MedStack Active Compliance System is built on Privacy Horizon’s PHI Framework™, a proven method to enable startup companies to build privacy and security into their products and services. Based on the 3 pillars of Awareness, Assessment and Action, the PHI Framework™ allows organizations to focus their energies on designing and developing their core offerings for their customers. We are happy to partner with MedStack to bring leading-edge privacy solutions to the startup community.”

Access to the MedStack Active Compliance System will be via monthly subscription, starting at a free tier for high-level snapshot assessment. The single subscription will incorporate both technical and administrative safeguards, including:

  • Defense-in-Depth powered application and database cloud hosting on MedStack’s compliant platform with integrated network security, encryption, scheduled backups, user management, audit logging feeds and Active Compliance monitoring technology. This dashboard will also support MedStack’s coming container-based self-provisioning system.
  • Online privacy training modules and tracking of completion.
  • Auto-generation of Privacy Impact and Threat Risk assessments, and compliance reports for HIPAA, GDPR, and ISO 27001.

The new system provides an end-to-end compliance assessment and delivery solution for digital health companies around the world. In the near future it will evolve to provide a dashboard that will enable hospitals, insurance companies, governments and other healthcare delivery enterprises to assess innovation projects developed internally or externally through a single interface, irrespective of how those projects were built and presented.

The MedStack Active Compliance System for digital health startups will be available in multiple jurisdictions later this year. Pricing will be announced upon availability.

To learn more, visit our kiosk at HLTH conference. Look for us at Table S15 on Startup Street, located in the Exhibit Hall.

Stay tuned for more information about the MedStack Active Compliance System. Please contact us at We’d love to hear from you.