How we help

Compliance & HITRUST

You benefit from the hard work our team has put into achieving HIPAA compliance and HITRUST CSF Certification. Customers reach their own HITRUST certification far faster by building on our proven approach to security and privacy.

What does it take to meet compliance?

Meeting Technical Obligations

Compliance is broadly split into two halves: administrative and technical. On the technology side, meeting the rules set out in the HIPAA Omnibus Rule is complicated. Many different controls and procedures must be implemented and harmonized in specific ways. All of them are geared towards enforcing industry best practices for security, privacy, and data integrity.

Business Associate Agreements

The entire chain of healthcare technology, from digital health vendors to medical devices to providers and covered entities, relies on shared risk. Business Associate Agreements (BAAs) are the contracts between organizations along that value chain that spell out which party is responsible for protecting which data and absorbing which risks. Signed BAAs with all of your technology partners are a critical part of establishing compliance.

Demonstration of Trust

A company may claim to have completed every step required to be compliant, but if it cannot prove it, how can the industry be sure? Third-party validation of compliance is the final building block, because without it the rest of the healthcare ecosystem cannot trust the risk you would absorb under a Business Associate Agreement.

Catalyze helps you achieve compliance

We address all technology controls at the infrastructure level.

  • We invented a Secure Software-Defined Network (SSDN) for Docker, the missing piece for a HITRUST CSF Certified multi-tenant cloud. It addresses encryption in transit and at rest.
  • Logging is dedicated per customer and meets HIPAA audit-control requirements.
  • Our platform sets up and maintains Nessus for enterprise-grade vulnerability scanning.
  • A team of leading network security engineers developed a HIPAA-compliant intrusion detection system.
  • We manage 30-day backups for all customers and provide enterprise-grade disaster recovery across multiple IaaS clouds.

Catalyze is HITRUST CSF Certified

Catalyze's compliant platform sits on top of four of the leading public clouds: Amazon Web Services, Microsoft Azure, IBM SoftLayer, and Rackspace. We have signed Business Associate Agreements with all four.

Those clouds cover only a fraction of your compliance obligations, mostly the physical safeguards and perimeter firewalling. Catalyze's platform fills the gap and automates the rest of your infrastructure obligations.

Our single Business Associate Agreement covers your entire infrastructure.

Reduce administrative complexity

You no longer need to align breach-notification policies across multiple infrastructure providers, or worry about gaps between your partners. Sign a single BAA with Catalyze, and we cover the entirety of your infrastructure obligations.

Our single BAA passes through value to you

We have signed BAAs with some of the world's best public clouds. When you sign a BAA with us, the coverage of our BAAs with them extends to you. This means your infrastructure obligations are covered while you still benefit from the latency, uptime, and zone availability that clouds like AWS or Azure provide.

HITRUST CSF Certified Infrastructure

Catalyze's HITRUST Certification ensures you are working with an industry leader

Catalyze is HITRUST CSF Certified, meeting the industry's most demanding privacy and security standards. That means our customers can trust our products with confidence, and their customers can trust them in turn.

Read our compliance story

We take compliance seriously.

Stratum is built with information security and compliance at its core. Our policies, procedures, and technology go above and beyond HIPAA compliance to ensure that our users' data, and their users' data, are secure. We take HIPAA compliance seriously because we believe it is the right thing to do.

HHS and NIST Sanctioned

Our leaders are industry leaders.

The founding team at Catalyze is made up of industry luminaries. From conference keynotes to panel discussions to guest content contributions to participation in industry regulatory bodies, our executive team is recognized as an authoritative voice on HIPAA and compliance.

Sitting at the heart of the HIPAA conversation gives Catalyze a unique and powerful grasp of how best to achieve compliance in a rapidly changing technology landscape. That insight is what propels our vision forward.

How customers leverage our compliance efforts

HITRUST CSF Certification

  • Catalyze has been certified twice, originally in 2015 and again in 2016.
  • The certification extends to our partnerships with all four major clouds: AWS, Azure, SoftLayer, and Rackspace.
  • Read our certification letter.
  • Catalyze is viewed as a shining example of HITRUST's intent. After our second certification, our CEO, Dr. Travis Good, was invited to sit on the Business Associates Council.
  • Customers use our certification to skip sections of their own certification efforts. Customers typically inherit around 30-40% of HITRUST's requirements when they leverage our certification during the process.
  • Catalyze provides customers with a public certification letter as well as the private report from HITRUST, both of which customers can reuse for their business and compliance objectives.
  • Trained expert account managers are available to answer HITRUST questions or act as a liaison for customers when needed.

Third-party HIPAA Audits

  • Catalyze has been audited three times since 2014.
  • Audits are expensive. We wrote about the costs here.
  • Customers use our HITRUST certification to cover roughly 50% of their own HIPAA audit effort.
  • For most customer compliance objectives, our HITRUST certification provides more utility than the HIPAA OCR Checklist.

Education, awareness, and transparency

Core to Catalyze's mission is making compliance attainable for everyone. That starts with educating on the facts, distilling the complexity, and being open and transparent about what your obligations are.

Free guides and content


Brush up on the new compliance and security framework.

Download guide

HIPAA Compliance Guide

Learn the basics of HIPAA in less than a single coffee break.

Download guide

The Academy

Free articles discussing HIPAA, HITRUST, FHIR, HL7, and more.

Visit The Academy

Full Content Archive

We write about what we learn on our blogs, our Medium publication, and our infopedia. It is free, easy to browse, and geared toward the healthcare IT community.

Visit the full archive

Open source resources

Public Business Associate Agreement

Unlike other vendors, who require you to sign an NDA just to review their BAA, we have published ours for the world to see, or even copy (it's open source).

View our Business Associate Agreement

Open Source Company Policies

We handle the technical side of compliance. To help with the administrative side, we have published our own company policies as an open source project.

View policies