Compliance and Security Safeguards

Continuously Monitor Adherence to HIPAA Safeguards

ClearDATA applies HITRUST-certified processes and controls to secure the AWS infrastructure while providing direct API access. The ClearDATA Compliance Dashboard provides a real-time account of all cloud API activity, helping healthcare organizations mitigate HIPAA compliance audit risk. Our security expertise is backed by a comprehensive BAA, specifically designed to help healthcare organizations mitigate rather than increase risk.

 

ClearDATA developed a purpose-built Responsibility Model that combines customized architecture guidance, security and monitoring tools, and HITRUST processes to provide further security in addition to Amazon Web Services (AWS)—all under one single BAA.

  • Enhanced Responsibility Model- Cloud infrastructures in the healthcare industry are not one size fits all. So why sign a standard Business Associate Agreement for them?
  • BAA Covered Services- AWS established a set of rules for a subset of services that process, transmit, or store PHI. ClearDATA fully integrates these guidelines, as well as other encryption and security protocols, to strengthen our comprehensive BAA.
  • Supplemental Responsibility Matrix- To clearly represent each contributor’s responsibility in the client relationship, ClearDATA maintains and customizes a RACI Matrix. This defines tasks and who is Responsible, Accountable, Consulted and Informed between ClearDATA and the customer.

ClearDATA helps healthcare organizations alleviate the risk of non-compliance by continuously monitoring their environment with a user-friendly dashboard.

  • Audit Reporting and Raw Logs- The Compliance Dashboard collects and stores all Operating System and AWS API activity in one centralized location, with available login statistics.
  • HIPAA Compliance Scorecard- The Compliance Dashboard provides a per-asset scorecard of compliance mapped directly against the HIPAA Compliance Code of Federal Regulations (CFR).
  • Enhanced Security Monitoring- Full instance monitoring, such as anti-virus, anti-malware, and learning-based intrusion detection systems (IDS), is offered as part of the ClearDATA Managed solution and can also be viewed using the Compliance Dashboard.

ClearDATA provides direct AWS API access in order to let customers gain full control of their environments as needed, while mitigating risk through the ClearDATA Compliance Dashboard.

  • Comprehensive IAM Roles- We have developed permission roles to enable customers to securely access compliant and BAA-covered services on the AWS API.
  • Hardened AMIs for Healthcare- In order to maintain our security and compliance posture, only ClearDATA hardened AMIs are allowed for deployment.
  • Defense in Depth- ClearDATA clients can access their secure AWS API directly without any hoops to jump through.