Guide

ClearDATA FAQs

Tired of reading websites and documentation with language so technical or jargoned that you don’t know what you’ve just read, nor do you feel like you better understand the company you’re researching? We can change that. You have questions. We have answers. Below are the most common questions we get:

Who is ClearDATA? What do you do?

We help healthcare organizations protect and secure their sensitive healthcare data, including PHI (protected health information) and PII (personally identifiable information), as they build innovative apps in the public cloud. The healthcare industry is under attack from cybercriminals looking to steal this data, causing painful and expensive data breaches. We provide a comprehensive solution to our customers’ public cloud security and compliance requirements via a combination of software, intellectual property, managed services, and expert personnel. We also provide an enhanced contractual framework for the required Business Associate Agreement (BAA) that is customized to each of our customers’ unique needs. You’ll find this far exceeds what you can negotiate directly with a public cloud provider.

What do you offer?

We offer a platform comprised of software products, managed services, and professional services built on a foundation of HITRUST, ensuring our healthcare customers the highest quality standards and best practices for privacy, security, and compliance as they drive innovation using the public clouds.

Products

ClearDATA Comply™

ClearDATA Comply is comprised of Automated Safeguards and a Compliance Dashboard.  It can be used in combination with our managed services, or as a software-only product to complement more advanced cloud compliance programs.

  • Automated Safeguards are intellectual property we developed to ensure you and your developers can work natively with public cloud services (AWS, Google, or Microsoft) while maintaining compliance with the regulatory framework you’re accountable to – HIPAA, GDPR, or GxP and more. With Automated Safeguards, ClearDATA has interpreted key regulations and developed IP for over 45 of the most popular public cloud services. More than 120 technical controls are configured properly to ensure your organization stays in compliance with healthcare’s complex regulatory frameworks. These safeguards act as guardrails as your team innovates. If you take an action that causes you to drift out of compliance, these safeguards detect the issue and provide notification to the appropriate personnel or automatically remediate the problem, or both.
  • The Compliance Dashboard is an intuitive interface that works hand-in-hand with the Automated Safeguards and provides you and your internal stakeholders (including CISOs, InfoSec, Compliance, and Risk teams) as well as external stakeholders (including auditors and legal teams) the opportunity to view your organization’s compliance posture across your assets in the public cloud at any time. It provides a near-real time view as well as a historical record, and is expertly mapped to specific compliance frameworks, allowing you to select one set of regulations or multiple including HIPAA, GDPR, GxP, IST, ISO.
  • Purchase Options:
    • ClearDATA Comply can be purchased as a standalone software for you to deploy on your own if you already have a BAA signed with the public cloud, have a team of cloud experts already in-house, or want to experiment with non-PHI workloads.
    • Healthcare Managed Services: If you don’t have in-house cloud expertise and need the support of our Healthcare Managed Services, you can choose from two different packages that best align to the needs of your organization.
ClearDATA Locate™

ClearDATA Locate was built on top of Kubernetes and was designed to help healthcare organizations track PHI data across their microservices architectures. ClearDATA Locate utilizes a technology we built called Healthcare Aware Distributed Tracing™. Distributed tracing is a common tool that allows an enterprise to trace data requests in microservices. It is used most commonly to help track requests, but there has not been a tracing tool that can determine if the traffic is PHI…until now with ClearDATA Locate and Kubernetes. Locate gives microservice-based application owners, as well as the security and compliance teams that back them, the ability to detect data that may be PHI and trace it through their microservices.  This allows organizations to gain visibility into where their PHI is flowing and helps determine the scope of which records were processed by which systems.

Managed Services

To complement our software products, we also offer healthcare managed services that combine our intellectual property with 24/7 human support to help ensure ongoing compliance. ClearDATA employs a team of cloud experts to provide architecture guidance, as well as build services and security functions such as creating hardened images, patching, intrusion detection, vulnerability scanning, malware and virus detection, logging, and back-ups – to name a few. Our team is made up of certified cloud engineers along with healthcare and compliance experts who understand the problems healthcare organizations are trying to solve in the cloud.

Professional Services

Since we meet our customers where they are in their cloud journey, we offer a wide array of professional services ranging from early stage assessment and migration planning to consulting for change management, DevOps training, Security Risk Assessments, and much more – all based on your organization’s unique needs, both today and in the future. Most organizations begin with the Security Risk Assessment and a PHI inventory. After all, it’s difficult to protect your data if you don’t know where it is. The SRA provides a view into your existing security and compliance gaps as well as a roadmap of which concerns to address first.

You can learn more about these products and services on our website, where you can view short videos about Automated Safeguards and the Compliance Dashboard.

Can I see a product?

Yes, we can set up a demo call at any time. You can request a demo here: https://www.cleardata.com/request-demo/

What makes ClearDATA unique among cloud software and service providers?

First and foremost, many of the other providers that offer you cloud services, such as MSPs, have added healthcare as a tacked-on vertical to existing business models. At ClearDATA, we are healthcare exclusive. This is all we do, and we are 100% focused on securing our customers’ PHI in the public cloud.  We are HITRUST certified and have earned the status of Premier Consulting Partner with AWS, Premier Partner with Google, and Gold Partner with Microsoft. This gives us broad and deep expertise as your strategic partner in the healthcare cloud. In addition to our proven ability to interpret and map complex regulatory frameworks to compliance checks for hundreds of successful healthcare organizations, we have staffed our company with the country’s best and brightest at cloud. Attracting certified-cloud solution architects and software engineers adept at supporting you on AWS, Azure, or GCP takes work, time, and money. We have spent years building, training, and retaining expert team members in cloud and healthcare.

In an industry where speed to market matters, time savings serve as a competitive advantage. Our cloud and healthcare knowledge, certifications, and partnerships give you the support you need on your cloud journey so you can focus on your applications, your innovation, your business objectives, and your core competencies. In short, we are the recognized security and compliance expert for healthcare in the public cloud. We are committed to this for the long haul, making healthcare better every single day by helping our customers modernize their IT stack in the public cloud, while ClearDATA works as their partner in delivering the security and compliance they need.

The cloud providers have HIPAA-eligible services now. Why do I need you?

Yes, they do have HIPAA-eligible services. And it will be up to you to configure and deploy them in a way that is HIPAA compliant, which is very different from HIPAA eligible. They will provide you the infrastructure, but it is up to your team to have the deep cloud, automation, DevOps experience, and compliance expertise for you to create and maintain a compliance program that proves you are compliant over time. ClearDATA stays abreast of the thousands of changes the public cloud providers make to their services yearly, and also monitors changes made to healthcare regulations. We adjust our automation to reflect those changes to protect your compliance posture.

Additionally, when you try to go it alone and “do it yourself” (DIY), you are faced with a tremendous pull on your time and resources. Do you want to spend your time keeping up with public cloud updates or innovating to reach your business objectives? It’s also important to bear in mind that when you go direct with the public cloud provider you will be using their Business Associate Agreement. This is seldom negotiable. At ClearDATA, we recognize that your business and cloud needs are unique, so we will customize our comprehensive, purposeful BAA to best protect your business.

What’s your business model?

We meet you where you are in your cloud journey. Most of our customers today utilize ClearDATA’s full-service offering, where ClearDATA provides the public cloud infrastructure, as well as our software and managed services – all covered by a comprehensive and custom BAA. For other customers who have direct relationships established with their cloud providers through an enterprise agreement, we can offer our software and managed services and a tailored BAA, while the customer procures the public cloud infrastructure services directly. This is commonly referred to as “Bring Your Own Cloud” or “BYOC”. Lastly, for more mature cloud practitioners, we offer our Comply product as a software-only solution and provide different tiers of our healthcare managed services offering.

How viable is your company?

Since 2011 we’ve been helping more than 200 healthcare organizations drive innovation through modernizing their IT stack. We’re experts in the public cloud, as evidenced by our partnership status with AWS, GCP, and Azure.  We are backed by some of the nation’s most recognized healthcare-focused investors, including Norwest Venture Partners, Merck Health Innovation Fund, Excel Venture Management, Heritage Group, HLM Venture Partners, Flare Capital Partners, Humana, and Health Care Service Corporation (HCSC).

Our expertise and proven value span all segments of healthcare including payers, providers, healthcare IT and life sciences. Here is just a sample of customers whose trust we have earned:

Providers:

  • Genoa Healthcare, Cleveland Clinic, Dignity Health, USMD Hospital

Payers:

  • Humana

Life Sciences:

  • Roche, BioReference Labs, Merck, MedNet Solutions

Healthcare Technology:

  • CareCloud, Zocdoc, Infor, MediQuant, Omnicell, Relias

 

How do I get started?

We can come in and assist if you already have hundreds of workloads on a public cloud, or all three clouds, or—on the other end of the spectrum—we can offer professional services to help you get started. For instance, we can provide services like creating a cloud maturity framework, building out a cloud adoption plan, or starting with a security risk assessment and PHI inventory. We can also help you at all points in between. Contact us to have a personalized call to discuss your needs and the challenges you are trying to solve. We can help you make the most of the opportunities to scale your business on the cloud.

You can learn more by visiting the resources section of our website to access articles, white papers, ebooks, guides, case studies and more here: https://www.cleardata.com/resources/