Case Study

Considerations for HITRUST CSF Certification on AWS

June 9, 2020

Datica was founded to make building healthcare technology in the cloud easier. They wanted to break down the barriers to leveraging new technology, and in the process, secure healthcare data in the cloud to enable the healthcare industry to quickly develop and implement new technologies.


Datica partners with healthcare innovators that build new solutions to help reduce the cost of care, improve the care experience, and ultimately, improve patient outcomes. Datica reduces the level of effort for their partners by managing the secure storage and processing of electronic protected health information (ePHI) or healthcare-specific data on AWS.

The chief privacy officer role at Datica is important because compliance is a “first-class citizen” and a primary function for the organization. Compliance is a core program, not just in terms of their product, but as an organization and a partner to their customers.

When the time came to choose a cybersecurity advisor, Datica decided a key requirement was finding a firm that would be first and foremost a partner. “We wanted a partner that had seen a lot of different deployments on the cloud and had worked with many healthcare organizations, both large and small, to assess cybersecurity posture,” explained Travis Good, CEO, cofounder, and chief privacy officer, Datica.


Datica looked at several firms and ultimately chose Coalfire because Datica was looking for a partner that would support their go-to-market strategy of leading with security and compliance. Because Coalfire also had experience with the new technologies Datica was leveraging, Coalfire could help Datica understand the implications of using AWS, Docker, and Kubernetes. “We felt Coalfire was uniquely suited to be our partner and help advise us in securing those technologies,” stated Good.

The AWS platform is transformative. It goes beyond technology to break down barriers and fundamentally changes the way technology is built, deployed, and scaled. Datica chose AWS because of the high market recognition around the value of AWS as a cloud provider.

“AWS provides incredibly powerful tools and a lot of flexibility, and our developers like using it,” explained Good. “Many of our users are also developers, so AWS is a good partner for a multitude of reasons. But it is their focus on developers that makes their solutions very powerful for us.”


Datica has held HITRUST CSF certification for several years, and they have been through multiple ongoing assessments with HITRUST to maintain certification. It has been the anchor of their security and compliance program. HITRUST continues to deliver a lot of value to the organization, both internally in terms of the robustness of their security and compliance program and externally as a factor related to how the market perceives Datica and trusts in what they do.

“For organizations that are planning programs using modern technologies, especially on AWS, and need a partner to be there through the constant evolution of AWS, Coalfire is a good choice for a cybersecurity advisor.”

