Blog

Inside the Vault: Searching and Fetching Data

by Sara Kassabian December 4, 2018

Virtually any business that works in the healthcare space will be accessing and managing health information. If personally identifiable information (PII) is linked with medical information, that data is considered protected health information (PHI), a special class of data that must be secured according to HIPAA standards. But building a HIPAA-compliant application requires expert knowledge in engineering for security as well as the law itself. There are few small businesses that have the...

Inside the Vault: How data flows in TrueVault

by Sara Kassabian November 20, 2018

Virtually any business that works in the healthcare space will be accessing and managing health information. If personally identifiable information (PII) is linked with medical information, that data is considered protected health information (PHI), a special class of data that must be secured according to HIPAA standards. But building a HIPAA-compliant application requires expert knowledge in engineering for security as well as the law itself. There are few small businesses that have the...

What's the difference between PII and personal data?

by Sara Kassabian October 30, 2018

The two data protection regulations that TrueVault technology helps companies comply with are the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). Both HIPAA and GDPR introduce distinct but related concepts surrounding what information counts as “personal”. In this blog, we clarify and untangle these definitions.

Explaining Business Associate Agreements

by Sara Kassabian October 23, 2018

If your business is exploring opportunities in the healthcare industry, chances are you will be working with health information that contains identifying details, also known as protected health information (PHI).

What is PHI?

by Sara Kassabian October 9, 2018

Last week, we broke down the working definitions of personally identifiable information (PII) as it applies to laws like GDPR and CCPA. But there are laws that extend even further beyond regulating how businesses can collect and store personally identifiable information (PII) when health information is involved.

What is personally identifiable information (PII)?

by Sara Kassabian October 2, 2018

TrueVault is in the business of protecting personally identifiable information (PII) collected on behalf of your company. PII is different from other types of data, and by storing PII in our SecureVault, we limit the legal liability for businesses that interact with this sensitive data.

Comparing TrueVault and HIPAA Compliant Hosting Services

by Sara Kassabian September 25, 2018

Clients ask us a lot: What is the difference between TrueVault and HIPAA compliant hosts, such as Amazon Web Services (AWS)? The answer really comes down to risk. If you’re looking for a ready-made solution to HIPAA compliance, use TrueVault. If you’re confident in your ability to build from scratch a secure and lawful platform that can store protected health information (PHI) — essentially, build your own version of TrueVault — then you’ll start with a HIPAA compliant host, such as AWS.

Announcing Tokenization Engine

by Justin Gold September 18, 2018

Today, TrueVault is launching Tokenization Engine, a new feature of SecureVault, to help companies import healthcare data without the legal burden of HIPAA compliance. The Problem: There is clear business value to leveraging health behavior data, but working with healthcare data can be problematic. If a company wishes to work with healthcare data, chances are this data includes Protected Health Information (PHI), a special class of data that requires compliance with HIPAA regulations because it...

Data De-Identification - An Easier Way to HIPAA-Compliance

by JoAnna R. Nicholson September 27, 2016

Creating a HIPAA-compliant product doesn’t have to be a harrowing experience, but most teams unwittingly choose the slowest, riskiest, and most challenging path to compliance. This post seeks to shed some light on a faster and simpler approach: Data De-Identification. If you take the hard path, retrofitting an existing application to become HIPAA-compliant can be a huge undertaking:

HIPAA Violations are on the Rise (Infographic)

by Morgan Brown July 8, 2014

Over the past year, consumer complaints to the Office of Civil Rights regarding HIPAA violations have skyrocketed. The number of complaints rose nearly 10x between 2003 and 2013. While 2013 was a record year for complaints, 2014 is setting up to easily shatter the previous mark. Complaint volume is up 45.7% year-over-year through the month of May (the most recent month with data available). Enforcement of the new Omnibus Final Rule that was published in January of 2013 and effective as of...

Should App Developers Get HIPAA Certified?

by Morgan Brown June 17, 2014

If you are a developer and you create apps, software, or other technologies that are connected to healthcare information, you are likely dealing with the question of HIPAA compliance and whether the laws around compliance apply to you and your app. One of the first things that probably comes to mind is whether you need to get HIPAA certified. It’s a reasonable question. Especially if you’ve built applications that use sensitive data like payment information, you’re used to the notion of required...

What Developers Need to Know about HIPAA Compliance in Wearable Tech

by Morgan Brown May 14, 2014

With dozens of products already on the market and more on the way, it’s clear that wearable tech is only going to grow in popularity with consumers. From Fitbit to Jawbone Up, Nike Fuel Band and more, these devices are tracking more consumer health data than ever. While popular wearables are tracking steps and calories today, it’s likely that they will track things like hydration, heart rate and more in the next few months—especially if rumors about Apple’s Healthbook are true.

What is the penalty for a HIPAA violation?

by Morgan Brown January 9, 2014

HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time. Fines will increase with the number of patients and the amount of neglect. Starting with a breach where you didn’t know and, by exercising reasonable diligence, would...

HIPAA Compliant File Storage for Healthcare

by Jason Wang January 8, 2014

TrueVault can offer you HIPAA compliant storage for any file format. This is not just a file backup or cloud storage solution. Our BLOB Store was designed from the ground up to integrate with mobile applications, web apps, and wearable devices. File uploads, downloads, updates, and deletes are all accessible via a REST(ful) API. When TrueVault launched in September of 2013 we released HIPAA compliant storage for JSON Documents. In December 2013 we launched our BLOB Store.

HIPAA Physical Safeguards Explained, Part 2

by Jason Wang October 27, 2013

In a previous blog post titled HIPAA Physical Safeguards Explained, Part 1, we covered the basics of the HIPAA Physical Safeguards and the first of four standards of the HIPAA Security Rule. In this post, we’ll cover the remaining three standards: Workstation Use, Workstation Security, and Device and Media Controls. If you skipped part 1 of the series, you should read that first. Otherwise, let’s dive right in. The Workstation Use standard states your entity must define what each workstation...

Do I Need To Be HIPAA Compliant?

by Jason Wang October 13, 2013

If you handle what’s called protected health information (PHI), then this is an important question to be asking, because HIPAA violations can result in some serious penalties. What is PHI, you ask? Good question. PHI is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment.

HIPAA Physical Safeguards Explained, Part 1

by Jason Wang October 10, 2013

Update 10/27/2013: You can read part 2 of this series here. Physical Safeguards are a set of rules and guidelines outlined in the HIPAA Security Rule that focus on physical access to Protected Health Information (PHI). In contrast, Administrative Safeguards focus on policy and procedures, while Technical Safeguards focus on data protection. When we think about PHI, we typically think about the digital form of PHI: database records, PDF patient files, and MRI scan images.
