Prescriptive Compliance is how Healthcare Adopts the Cloud
If you are big…
Large organizations are hesitant to migrate to AWS or Azure because they are concerned compliance requirements aren't being met. When they can't be sure, they stick with old infrastructure.
If you are new…
Emerging digital products can't break through to their enterprise customers unless they demonstrate compliance and security credibility from Day 1. Compliance is central to the business model.
Datica solves your problem
The Datica Platform allows development flexibility via Kubernetes® while providing a prescriptive compliance and security layer on top.
With Datica, any technology team can manage compliance on the cloud, giving organizations the assurances they need to adopt the benefits of the cloud.
Advanced Compliance Features
Datica’s private key infrastructure ensures that your data is protected and can only be accessed by those with appropriate permission.
- You have the option to either provide your own Root CA, or rely on Datica to create and store one for you.
- Once the Root CA is established, Datica creates an intermediate CA.
- This intermediate CA is used to generate all cluster-specific certificates.
Compliance Artifact Storage
Once your Kubernetes® cluster is installed and configured, Datica will store compliance artifact data.
- Our logging stack ties directly into the compliance artifact storage.
- Certain compliance data must be relayed back to Datica’s centrally managed Cloud Compliance Management System for processing.
- The Compliance Artifact Storage mechanism is the lifeblood of the Cloud Compliance Management System.
Continuous Compliance Engine
The core value of the Datica Cloud Compliance Management System is that we are continuously ensuring the complete compliance of both your cluster and the underlying infrastructure that it resides on.
- We do this by comparing the running state with the expected compliance state.
- When anomalies and events are detected, a Datica Security and Compliance expert will review the logs and take necessary steps.
Datica leads the industry in both security and compliance management. Powered by the Datica Cloud Compliance Management System, Datica's managed compliance service includes:
- Intrusion detection review and remediation.
- Vulnerability scanning management, remediation and proaction.
- Compliance reporting for HITRUST, SOC 2 and GDPR made available to all CCMS users.
Datica is HITRUST CSF Certified.
Customers benefit from serious credibility and accelerated audits with customers like hospitals, payers, and pharma.
HITRUST is the most important prescriptive compliance framework in healthcare. It helps give enterprises assurances that they can use the cloud as if compliance didn't exist, while giving digital health companies a shortcut to credibility.
General Data Protection Regulation
The European Union has created a new authoritative regulation on consumer data called GDPR. Fines start being handed out on May 25th, 2018. The regulation applies to all EU citizens regardless of service or where the data lives. Protected Health Information (PHI) is scoped within GDPR, so any healthcare organization that might service European Union citizens will be affected by it.
Are you ready? Datica applies the rules of GDPR and GxP and will be able to prove full compliance once our audit is complete in May 2018.
Good practices for Life Sciences on the Cloud
GxP stands for “Good Practice” and is a set of operational controls for Life Sciences organizations working within the confines of the FDA.
The FDA publishes its regulations on the back of NIST, which is why GxP largely follows NIST standards. There is no one authoritative documentation source for GxP, like we have the 2013 Omnibus for HIPAA or Articles from the European Union on GDPR. Instead, GxP is an industry-accepted definition of best practices mapped to FDA regulations.
Open sourced company policies give healthcare organizations a headstart
What people are saying about Datica’s Open Source Policies
"We believe that for Datica to open source these documents is truly groundbreaking in healthcare IT.
In the past we’ve spent an enormous amount of funds creating & updating our policies. We have yearly evaluations of our policies in October and this past October (2014) we were able to update and implement a number of improvements to our existing policies all based off the information we gathered from Datica's policies. This cost us zero dollars in comparison to our expensive updating of policies in prior years.
This is definitely the first time we have seen policies open sourced and we applaud the use of tools like GitHub to manage version control of all policies.
I think this could be revolutionary in helping the industry as a whole collaborate to improve privacy and security practices by gathering information from the highest level security/privacy experts in the field and making it available via similar open source methods."
CEO & Cofounder, Eligible Inc.
We’re dedicated to making the industry better
In 2014 Datica open sourced our company policies under a CC BY-SA 4.0 license. Since then the response has been overwhelmingly positive—we have had more activity on GitHub than governmental institutions like the FDA. Along the way we’ve helped hundreds of businesses get started by eliminating this portion of HIPAA compliance as a burden.
Our policies have been written with modern, cloud-based technology vendors in mind. We looked far and wide for policy examples that fit our company, and couldn’t find any. So we wrote our own. Importantly, these policies have been through multiple external audits—two HIPAA audits and one HITRUST audit.
Do you handle PHI and not yet have your own company policies in place? Then you’ll find our content useful.