Citus Data announced that Citus Cloud can now be used to manage PHI and build HIPAA-compliant applications for the healthcare cloud. The scale-out Postgres database company now allows software-as-a-service (SaaS)-based healthcare companies to build HIPAA-compliant applications on top of the Citus Cloud database.
The company announced that it has achieved a SOC 2 Type 2 report. Citus Cloud was audited by an independent third-party auditor, and its database as a service is certified for security, availability, and confidentiality.
“By enabling developers to build HIPAA-compliant applications on top of Postgres, and by achieving our SOC 2 Type 2 report, we’ve validated that the Citus Cloud database as a service is a trusted solution for working with even the most sensitive personal data,” said Citus Data VP of Marketing Claire Giordano. “Regardless of sector or size of organization, we give our Citus Cloud customers a way to grow their applications without worrying about how to scale their database. We are pleased to announce we are bringing this same peace of mind to healthcare and to applications where compliance matters.”
“As a fast-growing business that handles sensitive consumer data, we take compliance very seriously in order to earn, and keep, our clients’ trust,” said Seamus Abshere, CTO at Faraday. “Therefore, HIPAA compliance and the SOC 2 Type 2 report are key certifications we look for in our vendors. The fact that the Citus Cloud database supports HIPAA-compliant applications and has achieved the SOC 2 Type 2 report was an important factor in deciding how to scale out our Postgres database in the cloud.”
Not all cloud service providers are HIPAA-compliant, and organizations in the market for a cloud vendor should pay attention to a vendor’s HIPAA and SOC 2 certifications.
Cloud-council.org advises organizations to manage the logistical and physical security of their infrastructure carefully and implement security protocols that take the full lifecycle of protected health information (PHI) into consideration.
Each cloud-based solution, no matter its purpose, needs to be HIPAA compliant.
Most cloud vendors that are HIPAA compliant make it known and are willing to discuss how their solution complies with HIPAA regulations, Jeff Thomas, CTO of Forward Health Group, told HITInfrastructure.com.
However, not all vendors claiming HIPAA compliance are truly compliant or the best solution for a healthcare organization.
“Organizations should always be leery of any vendor selling a HIPAA-compliant solution,” said Thomas.
“Even if a cloud solution enables you to use it in a compliant manner doesn’t mean it solves the compliance problem for you. There’s a few different key points when you’re ensuring that the technology will work to enable HIPAA compliance.”
“Is the vendor you choose willing to sign a business associate agreement? If they hesitate or don’t know what that is, they aren’t the right vendor to choose because they don’t understand your healthcare compliance needs when it comes to HIPAA.”
Cloud solutions often come with many features or tools that may be produced by another vendor and offered in collaboration or because the primary vendor does not have their own comparable solution for a certain feature.
The HIPAA Security Rule requires all covered entities to conduct a risk assessment of their organization, which includes cloud deployments. The HIPAA risk assessment ensures that an organization is compliant with HIPAA’s administrative, physical, and technical safeguards.
The Office of the National Coordinator for Health Information Technology (ONC) has developed a free security risk assessment tool to help guide organizations through the risk assessment process by taking organizations through each HIPAA requirement.
Cloud offers organizations a cost-effective, lightweight way to collect, analyze, and present data, along with accelerating day-to-day operations and providing patients with efficient, personalized care. While HIPAA compliance is still a valid concern for providers, vendors are stepping up to accommodate healthcare-specific needs as healthcare providers step into the future of cloud computing.