HxRefactored - TrueVault - Jason Wang - API Pitch
How to Build a HIPAA Compliant Infrastructure
Jason Wang
Founder & CEO, TrueVault
Step 1: Physical Safeguards
• Physical security of ePHI
• “HIPAA Compliance Ready”
• Business Associate Agreement
• Choices of HIPAA Compliant Hosting Providers
• Initial Costs/Incremental Costs
Step 2: Technical Safeguards
• Digital Security of ePHI
• Required vs Addressable
• Am I HIPAA compliant if I just deploy my code to a HIPAA compliant hosting environment?
Technical Safeguards
1. Access Control - Unique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity.
2. Access Control - Emergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency.
3. Access Control - Automatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
4. Access Control - Encryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI.
Technical Safeguards
5. Audit Controls (required): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
6. Integrity - Mechanism to Authenticate ePHI (addressable): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
7. Authentication (required): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
8. Transmission Security - Integrity Controls (addressable): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.
9. Transmission Security - Encryption (addressable): Implement a mechanism to encrypt ePHI whenever deemed appropriate.
Am I Done?
Not Quite … :-)
Step 3: Security
• Target Rich Environment
• Application Security
• Network Security/Intrusion Detection
• Software/OS Security
• Security Audit
• Time/Cost
Step 4: HIPAA Audit
• Who Certifies HIPAA Compliance?
• 3rd party Audits
• What is the process like?
• Cost
• Time
• Any other audits?
Step 5: Insurance
• Cyber Liability and Data Breach Insurance
• Policy Issuers
• Indemnification
• Costs/Coverage
What Else Do I Need to Know?
• Typical implementation frame
• HIPAA will change
• On-going maintenance
• Staffing
• There must be an easier way ;-)
• HIPAA Compliant Data Store
Standard Database: non-PHI Data
TrueVault (HIPAA Compliant): PHI Data (REST API)
Physical Safeguards: Facility Access Ctrl, Workstation Use and Security, Devices and Media Controls
Technical Safeguards: Encryption and Decryption, Key Management, Key Rotation, Access Control, Unique User Identification, Emergency Access, Automatic Logoff, Audit Controls, Mechanism to Authenticate Electronic PHI, Person or Entity Authentication, Transmission Security, Integrity Controls
Administrative Safeguards
HIPAA Compliant Hosting
TrueVault
• TrueVault handles both Technical and Physical Safeguards.
• Developers can quickly start development on healthcare applications without building a HIPAA compliant infrastructure.
• FireHost and AWS have high minimum charges ($1,115 and $1,500) and offer no help with the Technical Safeguards.
• RESTful API - No Steps 1 through 5 to worry about
• BAA + Insurance
• Works well with existing infrastructure
• 400+ Customers
• Usage based pricing, no contracts
Q&A Time
Shameless Promotions:
• TrueVault is hiring Developers, DevOps Engineers in San Francisco
• Join our iOS SDK beta list – Be the first to release an iOS app leveraging Health Book
http://go.truevault.com/ios8
Thank you!
Jason Wang Founder & CEO, TrueVault