The US Government officially endorses NIST standards as the pathway to HIPAA compliance. Unlike standards such as PCI, there isn't an official HIPAA / HITECH certification, which has created plenty of confusion and misinterpretations of what HIPAA ultimately requires.
The Healthcare Blocks team and its compliance and legal partners advocate ongoing compliance efforts and re-assessment of policies and procedures as new threats arise and previously approved standards are weakened. Healthcare Blocks is audited on a quarterly basis by independent security teams associated with its customers. In addition, Healthcare Blocks conducts an annual risk assessment as required by HIPAA.
Healthcare Blocks is currently working towards HITRUST certification, with an estimated completion date of Q1 2018. HITRUST CSF is a compliance framework requested by certain health systems when working with subcontracted vendors.
The Healthcare Blocks platform is subject to a penetration test performed by third party vendors on behalf of our customers, on the average, every month. Our platform has passed every test since our inception in September 2013. Customers, such as Brijesh Patel from InquisitHealth, have used the results of these tests to help land new customers.
Healthcare Blocks does not operate its own datacenter. Instead, we've partnered up with Amazon Web Services, who is responsible for managing the infrastructure layer. We have a mutual Business Associate Agreement in place as of November 4, 2013. SOC reports are available upon request and require the signing of a non-disclosure agreement.