September 12, 2017

HITRUST CSF Certification Round 3

Laleh Hassibi

Vice President of Marketing

HIPAA regulations create a barrier for makers of digital health products to adopt the cloud. Whether you are a digital health startup, a health system, payer, or life sciences organization, it takes an enormous amount of work to get your digital health product off the ground while, at the same time, achieving and maintaining continuous HIPAA compliance.


At Datica, we address all the infrastructure-based HIPAA rules and regulations for customers. Customers sign a single Business Associate Agreement with us, which reduces the complexity of managing several BAAs.

Through us and through our BAA, customers are able to build and deploy onto the world’s best infrastructure providers like Amazon Web Services or Microsoft Azure without having to worry about shouldering the immense technical obligations required to achieve HIPAA compliance.

Going for the Gold: Proving HIPAA Compliance with the Gold Standard, HITRUST

With the HITRUST Common Security Framework (CSF) Certification, we have proof the Datica Platform meets the “gold standard” of industry expectations. HITRUST CSF Certification remains an important designation for any organization developing digital health products that handle sensitive PHI. It combines different legislative initiatives that may be similar and yet somewhat contradictory to each other. The CSF provides one set of prescriptive controls from which everyone can work.

diagram - platform-hitrust-inheritance

Customers inherit our security but, more importantly, they inherit our HITRUST CSF certification. Datica has been a leading voice in shaping what HITRUST looks like in the cloud and the fact that we just received our HITRUST CSF certification for the third time gives industry validation to our approach.

This latest CSF Certification is even more comprehensive than the last since it also includes both the Azure and Docker portions of Datica’s platform. With this certification extended to additional components of our platform, we now offer customers greater flexibility with cloud infrastructure choices.

Compliance Facts


Total number of independent audits Datica has passed, including HIPAA and SOC1/2.


Total number of HITRUST CSF Certifications Datica has received, two full and one interim since 2015.


Total number of security and risk assessments we have assisted our customers pass.

Having Azure and Docker in the certification makes Datica an easy choice for those who want to be compliant and move to the cloud.” — Lori Meals, Director of Compliance, Datica

As the information protection framework for the healthcare industry, the HITRUST CSF Certification brings a new level of effectiveness and efficiency to third-party assurance. This latest certification provides assurance that we appropriately secure and protect PHI so you can focus on what you do best — building your digital health product in the cloud.

tag Security Compliance HIPAA HITRUST


What does it take to be a 100% HIPAA compliant cloud company?

Travis Good, MD

Co-founder & Chief Technology Officer

Datica has spent extensive time and money on security and organizational policies and procedures specifically to comply with HIPAA and share with our customers.

event-note July 27, 2017

5 Steps to HITRUST CSF Certification

Laleh Hassibi

Vice President of Marketing

Complying with HIPAA and proving it are two very different things. Datica is HIPAA compliant AND can prove it with our HITRUST CSF certification.

event-note June 29, 2017