Introducing Hex HIPAA multi-tenant
The healthcare industry generates vast amounts of data daily, offering numerous opportunities for insights that can improve human life and longevity. However, patients and providers deserve privacy and accountability, which requires that their data be stored and processed securely. In the US, HIPAA provides guidelines and regulations for handling healthcare data, with harsh penalties for mismanagement. While many organizations mistakenly view HIPAA as a certification, it is actually a risk management process that requires each organization to determine its acceptable level of risk and demonstrate sufficient controls to manage that risk.

Before providing services involving protected health information (PHI) to a HIPAA Covered Entity, an organization must sign a Business Associate Agreement (BAA). This agreement carries significant risk, as the Business Associate is responsible for managing and processing PHI securely.

Hex, a data analytics company, has invested heavily in security from its inception, including a dedicated Trust Program, unbroken SOC 2 Type II attestations, regular audits, and an active bug bounty program. Previously, the heightened risk from handling PHI led Hex to sign BAAs only for customers on its single-tenant deployments. It has now introduced a new option, HIPAA Multi-Tenant, which allows healthcare customers to use Hex at a greatly reduced total cost while maintaining best-in-class security measures. This new instance offers further assurances, such as limited access through VPN or zero-trust options and tighter default controls specific to healthcare customers' needs.
Company: Hex
Date published: Oct. 25, 2023
Author(s): Caitlin Colgrove and DJ McCulloch
Word count: 667
Language: English
Hacker News points: None found.