HIPAA is complicated, but easily learned. The Datica HIPAA and Interoperability Academy walks you through the intricacies of HIPAA, HL7, and FHIR—from the highest concepts to the deepest details.

Datica Guides

Authoritative Guides Written By Industry Experts

This eBook is a downloadable version of our detailed, interactive Digital Health Success Framework. It’s your guide to successfully launching a digital health product.

This guide to GDPR for the healthcare industry will prepare you to do business in the EU and understand how to handle PHI of EU citizens. With Datica, you’ll be ready when GDPR takes effect on May 25, 2018.

This lightweight self-assessment worksheet illuminates the cloud requirements of HIPAA that you need to plan for in your own digital health product.

HIPAA compliance at the application level is different than the infrastructure level. This comprehensive guide explains HIPAA considerations for digital health applications.

This guide is designed to be an educational piece for those just getting started with healthcare integration. It outlines the typical considerations, the technology required, and the players involved.

In this guide are tested formulas and directional advice from the compliance and cloud experts at Datica on how to measure and manage the total cost of ownership to achieve compliance in the cloud.

In this guide, we explain our methodology for calculating healthcare integration total cost of ownership. We make the case that modern, cloud-based technology has fundamentally changed the TCO formula.

This guide will walk you through important definitions and concepts, building on previous learnings. You will emerge armed with a basic understanding of HIPAA’s purpose and rules, your obligations, and ways to address compliance.

Datica walks you through the basics of HITRUST, how much it costs, why it’s important, and why it should be on your radar in the future.

Datica Academy Articles

February 10, 2019

Learning from the rest of the digital economy, how can application program interfaces (APIs) have the same impact in health IT?

Dave Levin, MD

Chief Medical Officer

Tags: API, Healthcare Cloud, EHR

The combination of service-oriented software architecture and robust, open APIs has made possible the transformation of huge swaths of the digital economy.

Dave Levin, MD

Chief Medical Officer

Tags: API, EHR

January 31, 2018

The recent announcement by AthenaHealth that their APIs had been called one billion times serves as both a milestone for the use of APIs in healthcare and a reminder that API quality is as important as quantity.

Dave Levin, MD

Chief Medical Officer

Tags: API, EHR, FHIR

This guide is intended to give developers an easy to understand, step by step runbook for configuring their AWS RDS instance to be HITRUST CSF ready. In the following sections we’ll walk through the requirements, controls, and configurations for RDS.

Ryan Rich

Chief Product Officer and Chief Security Officer

Tags: AWS, HIPAA, HITRUST, Compliance

This step-by-step guide gives developers easy-to-understand instructions to configure Amazon ElastiCache for Redis instances to be HITRUST CSF ready. In the following sections we walk through the requirements, controls, and configurations for ElastiCache for Redis.

Ryan Rich

Chief Product Officer and Chief Security Officer

Tags: AWS, HITRUST, HIPAA, Healthcare Cloud, Cloud Computing

October 24, 2018

With all the attention on compliance and the need for compliance artifacts, or evidence, to be successful, it’s helpful to understand more about artifacts.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: Cloud Computing, Compliance

This guide is intended to give developers a simple way to configure their Cosmos DB service to be HITRUST CSF ready. In this guide we’ll walk through the requirements, controls, and configurations for Azure Cosmos DB.

Ryan Rich

Chief Product Officer and Chief Security Officer

Tags: Compliance, HIPAA, Microsoft

April 10, 2018

With ePHI access, business associates are required to sign a HIPAA business associate agreement (BAA). Learn more about business associate agreements here.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

January 10, 2018

This GDPR data breach notification checklist outlines the steps that should be orchestrated by your data protection officer to ensure GDPR compliance.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: GDPR

January 9, 2018

One of the most challenging aspects of any security and compliance program, including GDPR, is breach notification.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: GDPR

January 18, 2018

GDPR compliance is an imperative starting May 2018 for companies that work with data on EU citizens. Understand the fines and penalties in Article 83.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: GDPR, Compliance

Cloud Service Providers doing business in the EU are Processors under GDPR—it’s kind of like being a HIPAA Covered Entity in the U.S. Read more on GDPR Service Providers.

Kris Gösser

Datica Alumni — Former Chief Marketing Officer

Tags: GDPR

This guide helps developers configure their Google Cloud SQL instance to be HITRUST CSF ready. It covers requirements, controls, and configurations for GCP Cloud SQL.

Ryan Rich

Chief Product Officer and Chief Security Officer

Tags: Cloud Computing, HIPAA, Compliance

GxP does not have the concept of BAAs or contracts that outline risk like HIPAA does. There is no concept of inheritance or chaining liability. Learn more here.

Kris Gösser

Datica Alumni — Former Chief Marketing Officer

Tags: GxP

March 21, 2018

The HIPAA acronym stands for the Health Insurance Portability and Accountability Act. This HIPAA primer covers HIPAA 101 basics, meaning, entities, etc.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

June 28, 2018

If you’re going through a HIPAA security audit by a hospital or payer compliance office, auditing and logging will show that your application is secure.

Ryan Rich

Chief Product Officer and Chief Security Officer

Tags: HIPAA

While HIPAA Compliance at the infrastructure level is heavy on technology, HIPAA Compliance at the application level is more of a blend of technology and policy.

Kris Gösser

Datica Alumni — Former Chief Marketing Officer

Tags: HIPAA, Healthcare Cloud

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

July 23, 2018

HIPAA requires that business associates and covered entities retain multiple types of data for at least six years. Learn what data you need to retain.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

January 12, 2016

A risk assessment – a HIPAA requirement – is the first thing to do since it frames many decisions you’ll make regarding your security posture.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

April 11, 2018

Understanding the HIPAA breach policy and having a breach notification checklist can prepare you in case of unauthorized disclosure of ePHI.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

August 30, 2018

HIPAA encryption strategy is another factor of HIPAA compliance, whether HIPAA SSL, data at rest, Filevault2, firewall encryption, or more.

Ryan Rich

Chief Product Officer and Chief Security Officer

Tags: HIPAA

January 12, 2018

What exactly is multi-tenant cloud, and does Datica Compliant Cloud offer a multi-tenant environment?

Ryan Rich

Chief Product Officer and Chief Security Officer

Tags: HIPAA

August 16, 2018

The major part of security in healthcare is HIPAA, and the HIPAA rules changed in late 2013 with the new HIPAA Omnibus that adds subcontractor entities.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

March 27, 2018

HL7 is a healthcare industry standard for messaging between applications, for example from EHR to PMS. Learn HL7 basics, including HL7 v2 and v3.

Mohan Balachandran

Datica Alumni — Former Co-Founder

Tags: HL7, integration, FHIR

March 14, 2018

This deep dive explains HL7 message types, message structure, message segments, codes, fields and the complete anatomy of an HL7 message.

Mohan Balachandran

Datica Alumni — Former Co-Founder

Tags: HL7

HL7 ADT message types are the most common HL7 messages. We explain ADT message structure, segments, and event types, including HL7 ADT message examples.

Mohan Balachandran

Datica Alumni — Former Co-Founder

Tags: HL7

The HL7 acknowledgement message, HL7 ACK, is critical for smooth, ongoing HL7 communication. Learn the nuances of HL7 ACK messages, segments, and codes.

Mohan Balachandran

Datica Alumni — Former Co-Founder

Tags: HL7

September 3, 2018

The Order Entry (ORM) message is a common HL7 message type. ORM messages contain information about an order, most commonly radiology or lab orders.

Mohan Balachandran

Datica Alumni — Former Co-Founder

Tags: HL7

The HL7 SIU and HL7 SRM message types are HL7 appointment scheduling messages with date and time, resources, services, location, and more appointment info.

Mohan Balachandran

Datica Alumni — Former Co-Founder

Tags: HL7

The Medical Document Management (MDM) message is a commonly used HL7 message type that provides information about new or updated notes or documents.

Rick Wattras

Healthcare Integration Engineer Team Lead

Tags: HL7

In this guide, we will walk you through the reasoning, structure, and ways to leverage a maturity model, such as the HITRUST maturity model, to optimize your compliance posture.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HITRUST

April 4, 2018

Let's walk through the names, players and timelines for delivering your first HL7 Epic integration or any other EHR integration like Cerner or Allscripts.

Mark Olschesky

Datica Alumni — Former Chief Data Officer

Tags: HL7, EHR

August 10, 2018

RESTful APIs are the backbone of many web services today. Having the tools to integrate a not-natively-RESTful interface engine with this common standard opens a lot of possibilities. In the healthcare space, queuing the HL7 properly is critical. In this article, we explore ways to do this properly.

Mohan Balachandran

Datica Alumni — Former Co-Founder

Tags: HL7, Mirth

May 16, 2018

The FHIR acronym stands for Fast Healthcare Interoperability Resources. FHIR is a new open sourced interoperability standard of the HL7 organization.

Mark Olschesky

Datica Alumni — Former Chief Data Officer

Tags: FHIR

May 23, 2018

There’s confusion around the goals of MACRA, MIPS, and APMs. It begs the question: is Meaningful Use dead? Learn the MIPS APM and MACRA acronyms and more.

Kris Gösser

Datica Alumni — Former Chief Marketing Officer

Tags: Company

High performance scores and ratings can be a strategic advantage over competitors. Understand MIPS, including qualifiers, scoring, and thresholds.

Kris Gösser

Datica Alumni — Former Chief Marketing Officer

Tags: Company

In starting a compliance program, there is work to be done before you get to level one of the maturity model. We call this level zero.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: Compliance, HITRUST

April 19, 2018

HIPAA attestation is everywhere, but are the companies attesting really compliant? Companies can self-attest to HIPAA compliance because there are no HIPAA certifications.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

The FHIR standard is based on API routes but what should the API route look like? Learn general design principles and guidelines to build RESTful APIs.

Mark Olschesky

Datica Alumni — Former Chief Data Officer

Tags: FHIR

September 5, 2018

At Datica, we are often asked about SOC 2 Type II and how it relates to HIPAA and HITRUST. This article is to help explain how a SOC 2 Type II audit compares to HIPAA compliance and other regulatory audits in the United States.

Matt Taylor

Director of Marketing

Tags: Compliance, HITRUST, Cloud Computing

October 31, 2018

Getting started with compliance on the cloud is easiest if you have a stepwise approach like the 5-level maturity model outlined in this post.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: Compliance, HITRUST

To understand FHIR, you must understand the FHIR Resource Object. This entry will help explain its origins and intent with links to help.

Mark Olschesky

Datica Alumni — Former Chief Data Officer

Tags: FHIR

February 6, 2018

The HIPAA Privacy Rule is important to understand because it explains the types of data, covered entities, and uses of data HIPAA is concerned about.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

July 20, 2017

Learn about HIPAA enforcement, including who is responsible for enforcing HIPAA violations and compliance, and the fines for violating HIPAA.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

February 8, 2018

GxP stands for “Good Practice” and is a set of operational controls for Life Sciences organizations working within the confines of the FDA. Learn more about GxP compliance.

Kris Gösser

Datica Alumni — Former Chief Marketing Officer

Tags: GxP

May 10, 2018

HITRUST certification by the HITRUST Alliance enables vendors and covered entities to prove HIPAA compliance based on a standardized framework.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HITRUST

The acronym PHI stands for Protected Health Information. An individual’s PHI is data on health status, provision of health care, or payment for health.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA

January 9, 2018

What is the definition of a security incident and data breach under HIPAA and GDPR and how do they compare? This article breaks down the key terminology.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: GDPR

April 16, 2018

This post discusses HIPAA and different types of hosted infrastructure options, answering the question of why HIPAA is not PCI.

Travis Good, MD

Co-founder & Chief Technology Officer

Tags: HIPAA
