Stitch is now HIPAA-compliant and here's why that matters - Philly


Jan. 16, 2018 12:59 pm

Stitch is now HIPAA-compliant and here’s why that matters

Might it mean a health-IT slant for the Center City company?

At Stitch's Center City offices.

(Courtesy photo)

Thanks to Philly’s documented strengths in the health IT sector, likely you’ve heard of HIPAA compliance.

The term stands for Health Insurance Portability and Accountability Act, a 1996 bill that, among other things, sets the guidelines for the safe-keeping of sensitive patient data. When said of a software platform, HIPAA compliance generally means the tool is able to protect patients’ information as it performs its main function.

Up until now, Center City–based Stitch had been unable to offer its customers what’s known as a business associate agreement (BAA), a guarantee that its platform was “up to code” with the set of regulations. After a two-month process, the company announced in a blog post Tuesday that it was all clear to offer its ETL (extract, transform and load) data platform to companies using sensitive data.

“We weren’t able to service customers whose data was covered under HIPAA,” said Stitch Chief Technology Officer Christopher Merrick. “We’ll now be able to sign those agreements for our customers and confirm that we comply with necessary regulations.”

(Quick catch-up on what Stitch actually does: The online tool lets developers extract, transform and load data from sources and into different targets.)

So what does HIPAA compliance actually mean? First up, it means all data that goes through Stitch’s system is now encrypted end-to-end regardless of where it is: in a hard drive, up in the cloud, etc.

“We have to have really good chain of custody of the data,” Merrick said. “We can’t start using other services to process data without getting into a contractual agreement with them.”


Another piece of the puzzle involves having access audits in place: Any action performed on the data is recorded in a log. Per Merrick, an RJMetrics alum who transitioned to Stitch following the company’s acquisition/spinout combo move in August 2016, educating employees and creating documentation on security protocols were two big elements of the process.

“We decided to do this in response to demand,” said Merrick. “We were already knocking on the right doors and it was a hangup for some companies. We’re excited to be able to service those customers now.”

What does this mean for Stitch from here on out? Will it become a health IT-focused company? Not exactly: the privacy measures in place will apply to all users regardless of vertical, but it does open the door to more possible customers. Plus, Merrick explains, the healthcare sector might find value in Stitch’s service.

“In the universe of healthcare, data tends to be scattered and messy so that’s a situation we can help people solve,” Merrick said. “It will certainly expose us to new customers.”

Companies: Stitch, Inc.
Already a member? Sign in here
Connect with companies from the community
New call-to-action


This precision medicine company just raised $5M to help save preemies

Here’s what we know so far about Quil Health, the Comcast-IBX joint venture

This Philly startup is out to get CloudMine’s old clients



Meet these 10 hiring companies at Super Meetup


Vistar Media

Front End Engineer

Apply Now

Vistar Media

Sr. Software Engineer

Apply Now
Philadelphia, PA - Center City


Sr. Project Manager

Apply Now

At Dreamit’s HealthTech Demo Day, a penchant for machine learning and AI

Our talent pool drew this Baltimore health startup to Philly

Penn students compete for best healthtech idea at inaugural M&T Summit



Verizon is looking for the brightest ideas on how to use its 5G technology

Philadelphia, Pa


Event Sales Ambassador

Apply Now


DevOps Engineer

Apply Now

Sign-up for daily news updates from Philadelphia

Do NOT follow this link or you will be banned from the site!