Thanks to Philly’s documented strengths in the health IT sector, you’ve likely heard of HIPAA compliance.
The term stands for Health Insurance Portability and Accountability Act, a 1996 bill that, among other things, sets the guidelines for the safe-keeping of sensitive patient data. When said of a software platform, HIPAA compliance generally means the tool is able to protect patients’ information as it performs its main function.
Up until now, Center City–based Stitch had been unable to offer its customers what’s known as a business associate agreement (BAA), a guarantee that its platform was “up to code” with the set of regulations. After a two-month process, the company announced in a blog post Tuesday that it was all clear to offer its ETL (extract, transform and load) data platform to companies using sensitive data.
“We weren’t able to service customers whose data was covered under HIPAA,” said Stitch Chief Technology Officer Christopher Merrick. “We’ll now be able to sign those agreements for our customers and confirm that we comply with necessary regulations.”
(Quick catch-up on what Stitch actually does: The online tool lets developers extract, transform and load data from sources and into different targets.)
So what does HIPAA compliance actually mean? First up, it means all data that goes through Stitch’s system is now encrypted end-to-end regardless of where it is: on a hard drive, up in the cloud, etc.
Got PHI data but you just can't get it to your data warehouse? Hungry Hungry HIPAA your favorite party game? Are BAAs and sheep entirely unrelated concepts in your worldview? Great news – Stitch is now HIPAA compliant! https://t.co/05McUAmljd pic.twitter.com/e7Tb1OM3cC
— Stitch Data (@stitch_data) January 16, 2018
“We have to have really good chain of custody of the data,” Merrick said. “We can’t start using other services to process data without getting into a contractual agreement with them.”
Another piece of the puzzle involves having access audits in place: Any action performed on the data is recorded in a log. Per Merrick, an RJMetrics alum who transitioned to Stitch following the company’s acquisition/spinout combo move in August 2016, educating employees and creating documentation on security protocols were two big elements of the process.
“We decided to do this in response to demand,” said Merrick. “We were already knocking on the right doors and it was a hangup for some companies. We’re excited to be able to service those customers now.”
What does this mean for Stitch from here on out? Will it become a health IT-focused company? Not exactly: the privacy measures in place will apply to all users regardless of vertical, but it does open the door to more possible customers. Plus, Merrick explains, the healthcare sector might find value in Stitch’s service.
“In the universe of healthcare, data tends to be scattered and messy so that’s a situation we can help people solve,” Merrick said. “It will certainly expose us to new customers.”