HxRefactored - TrueVault - Jason Wang  - API Pitch
Presentation Transcript

  • How to Build a HIPAA Compliant Infrastructure. Jason Wang, Founder & CEO, TrueVault
  • Step 1: Physical Safeguards
    • Physical security of ePHI
    • "HIPAA Compliance Ready"
    • Business Associate Agreement
    • Choices of HIPAA compliant hosting providers
    • Initial costs / incremental costs
  • Step 2: Technical Safeguards
    • Digital security of ePHI
    • Required vs. addressable
    • Am I HIPAA compliant if I just deploy my code to a HIPAA compliant hosting environment?
  • Technical Safeguards
    1. Access Control - Unique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity.
    2. Access Control - Emergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency.
    3. Access Control - Automatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
    4. Access Control - Encryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI.
    5. Audit Controls (required): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
    6. Integrity - Mechanism to Authenticate ePHI (addressable): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
    7. Authentication (required): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
    8. Transmission Security - Integrity Controls (addressable): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.
    9. Transmission Security - Encryption (addressable): Implement a mechanism to encrypt ePHI whenever deemed appropriate.
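A worked illustration of safeguards 1, 2, 3, 5 and 6 above, added here as an example; it is not code from the slides or from TrueVault. It is a small in-memory ePHI store built with only the Python standard library: every request carries a unique user ID, idle sessions are refused (automatic logoff), a break-glass flag grants emergency access but is recorded as such, every access attempt lands in an audit log, and each stored record carries an HMAC so tampering is detected on read. The user IDs, record contents, inactivity limit and in-process key are constructed placeholders. Safeguards 4 and 9 (encryption at rest and in transit) are deliberately left out: those need a vetted AEAD such as AES-GCM and real key management, not a hand-rolled cipher.

```python
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass

# Constructed values for the example. In production the integrity key lives
# in a KMS/HSM and the idle limit comes from policy, not a module constant.
INACTIVITY_LIMIT = 15 * 60            # seconds idle before automatic logoff (safeguard 3)
INTEGRITY_KEY = secrets.token_bytes(32)


@dataclass
class Session:
    user_id: str                      # unique user identification (safeguard 1)
    last_active: float
    break_glass: bool = False         # emergency access procedure (safeguard 2)


class EphiStore:
    """In-memory store enforcing access control, automatic logoff, audit
    logging and a tamper-evident integrity tag on every record."""

    def __init__(self, clock=time.time):
        self._clock = clock           # injectable so tests can advance time
        self._records = {}            # record_id -> (canonical JSON bytes, HMAC tag)
        self._acl = {}                # record_id -> set of user_ids allowed to read
        self.audit_log = []           # safeguard 5: every attempt, allowed or denied

    def _tag(self, record_id, payload):
        # Safeguard 6: HMAC-SHA256 over id + payload. Binding the id means a
        # record copied over another record's slot is detected as well.
        return hmac.new(INTEGRITY_KEY, record_id.encode() + b"\0" + payload,
                        hashlib.sha256).digest()

    def _log(self, session, action, record_id, outcome):
        self.audit_log.append({
            "ts": self._clock(), "user": session.user_id, "action": action,
            "record": record_id, "outcome": outcome,
            "emergency": session.break_glass,   # break-glass reads must be reviewable
        })

    def _touch(self, session):
        # Safeguard 3: refuse the request once the session has been idle too long.
        now = self._clock()
        if now - session.last_active > INACTIVITY_LIMIT:
            raise PermissionError("automatic logoff")
        session.last_active = now

    def put(self, session, record_id, data, readers=()):
        self._touch(session)
        payload = json.dumps(data, sort_keys=True, separators=(",", ":")).encode()
        self._records[record_id] = (payload, self._tag(record_id, payload))
        self._acl[record_id] = set(readers) | {session.user_id}
        self._log(session, "write", record_id, "ok")

    def get(self, session, record_id):
        try:
            self._touch(session)
        except PermissionError:
            self._log(session, "read", record_id, "denied:logoff")
            raise
        if session.user_id not in self._acl.get(record_id, set()) and not session.break_glass:
            self._log(session, "read", record_id, "denied:acl")
            raise PermissionError("not authorized")
        payload, tag = self._records[record_id]
        if not hmac.compare_digest(tag, self._tag(record_id, payload)):
            self._log(session, "read", record_id, "denied:integrity")
            raise ValueError("integrity failure")
        self._log(session, "read", record_id, "ok")
        return json.loads(payload)


def outcome(fn):
    """Run fn and report 'allowed' or the short reason a control blocked it."""
    try:
        fn()
        return "allowed"
    except (PermissionError, ValueError) as e:
        return str(e)


def demo():
    """Exercise each safeguard on constructed data; returns outcomes and audit trail."""
    clock = [1_700_000_000.0]                     # fake clock the test can advance
    store = EphiStore(clock=lambda: clock[0])
    alice, bob = Session("u-1001", clock[0]), Session("u-1002", clock[0])
    out = {}
    store.put(alice, "rec-1", {"mrn": "12345", "dx": "J45.909"})
    out["owner_read"] = store.get(alice, "rec-1")
    out["other_read"] = outcome(lambda: store.get(bob, "rec-1"))   # bob not on ACL
    bob.break_glass = True                                         # emergency access
    out["break_glass_read"] = store.get(bob, "rec-1")
    payload, tag = store._records["rec-1"]                         # simulate tampering
    store._records["rec-1"] = (payload.replace(b"J45.909", b"J45.901"), tag)
    out["tamper"] = outcome(lambda: store.get(alice, "rec-1"))
    clock[0] += INACTIVITY_LIMIT + 1                               # alice goes idle
    out["idle_read"] = outcome(lambda: store.get(alice, "rec-1"))
    out["audit"] = [(e["user"], e["action"], e["outcome"], e["emergency"])
                    for e in store.audit_log]
    return out
```

Two design points worth noting: the denied attempts are logged before the exception propagates, because an audit control that only records successes is useless for investigating a breach, and the emergency flag is written into each log entry so break-glass use can be reviewed afterwards rather than silently widening access.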
  • Am I Done?
  • Am I Done? Not quite …
  • Step 3: Security
    • Target rich environment
    • Application security
    • Network security / intrusion detection
    • Software / OS security
    • Security audit
    • Time / cost
  • Step 4: HIPAA Audit
    • Who certifies HIPAA compliance?
    • 3rd party audits
    • What is the process like?
    • Cost
    • Time
    • Any other audits?
  • Step 5: Insurance
    • Cyber liability and data breach insurance
    • Policy issuers
    • Indemnification
    • Costs / coverage
  • What Else Do I Need to Know?
    • Typical implementation time frame
    • HIPAA will change
    • On-going maintenance
    • Staffing
    • There must be an easier way ;-)
  • HIPAA Compliant Data Store (diagram): the application keeps non-PHI data in a standard database and stores PHI data in TrueVault (HIPAA compliant) through a REST API.
  • HIPAA Compliant Hosting vs. TrueVault (diagram)
    • Physical Safeguards: Facility Access Control, Workstation Use and Security, Devices and Media Controls
    • Technical Safeguards: Encryption and Decryption, Key Management, Key Rotation, Access Control, Unique User Identification, Emergency Access, Automatic Logoff, Audit Controls, Mechanism to Authenticate Electronic PHI, Person or Entity Authentication, Transmission Security, Integrity Controls
    • Administrative Safeguards
    • TrueVault handles both Technical and Physical Safeguards.
    • Developers can quickly start development on healthcare applications without building a HIPAA compliant infrastructure.
    • FireHost and AWS have high minimum charges ($1,115 and $1,500) and offer no help with the Technical Safeguards.
  • TrueVault
    • RESTful API - no Steps 1 through 5 to worry about
    • BAA + insurance
    • Works well with existing infrastructure
    • 400+ customers
    • Usage based pricing, no contracts
  • Q&A Time. Shameless promotions:
    • TrueVault is hiring Developers and DevOps Engineers in San Francisco
    • Join our iOS SDK beta list: be the first to release an iOS app leveraging Health Book: http://go.truevault.com/ios8
  • Thank you! Jason Wang, Founder & CEO, TrueVault