TrueVault was formed in 2013 by Jason Wang and Trey Swann with the singular aim of helping healthcare organizations securely store personally identifiable information (PII) and protected health information (PHI) in the cloud. The company developed its AWS-based solution to simplify the complexities of data storage and HIPAA compliance and was the first data security company to be entirely focused on protecting PII and PHI.

Many healthcare organizations are now transitioning from on-premises infrastructure to the cloud and are using cloud providers such as AWS, Microsoft Azure, and Google Cloud to host applications that store or process PII and PHI. These cloud platform providers offer a HIPAA-compliant platform, but it is the responsibility of each healthcare organization to ensure its applications are compliant with HIPAA Rules.

TrueVault’s automated data protection solution serves as an alternative to developing applications in the cloud that incorporate all the necessary safeguards to ensure PII and PHI are protected to the stringent standards demanded by HIPAA.

The company’s HIPAA-compliant PII/PHI storage solution means healthcare organizations do not need to build a HIPAA-compliant application stack from scratch, thus saving them a considerable amount of development time. The TrueVault solution allows healthcare organizations to focus on creating their applications and building the core functionality of their software, while the security and compliance requirements surrounding PHI and PII storage are handled by TrueVault.

TrueVault has developed a secure RESTful API to store and search healthcare data in any file format and has implemented safeguards to satisfy the requirements of the HIPAA Security Rule. The company has entered into a business associate agreement with AWS that guarantees AWS will provide cloud infrastructure that is compliant with HIPAA. TrueVault then signs a business associate agreement with its healthcare clients confirming that it will comply with all aspects of HIPAA, that it has implemented appropriate safeguards to ensure the confidentiality, integrity, and availability of ePHI, that its staff have been trained on HIPAA requirements, and that it has HIPAA-compliant policies and procedures in place. TrueVault clients are also protected by a privacy and data breach insurance policy.

TrueVault Compliance Solutions

In addition to helping healthcare providers comply with HIPAA and store their data securely, the company also offers a solution to eliminate the complexity of compliance with the EU’s General Data Protection Regulation (GDPR). TrueVault’s core services are:

TrueVault for HIPAA

TrueVault for HIPAA is a turnkey solution for healthcare organizations that prefer not to build cloud-based HIPAA-compliant applications from scratch with a HIPAA-compliant hosting company. The solution accelerates time-to-market and reduces an organization’s liability by handing over certain HIPAA compliance requirements to TrueVault, which looks after importing and storing PHI on behalf of its clients.

TrueVault Safe

TrueVault Safe is a purpose-built repository for storing PII and PHI in the cloud. The solution incorporates physical and technical safeguards for HIPAA compliance and complies with the data minimization requirements of GDPR. The solution is highly scalable and incorporates advanced security features to help comply with HIPAA, GDPR, and the California Consumer Protection Act (CCPA). Flexible JSON and BLOB document stores allow the tokenization of personal data, and the solution creates immutable audit logs and provides robust identity management, access controls, and per-record encryption.

TrueVault for GDPR

TrueVault for GDPR was developed to simplify personal data management and eliminate the complexity of GDPR compliance. The solution automates the organizational requirements of GDPR and allows DPOs to easily prove they have complied with GDPR data protection regulations.

TrueVault Atlas

TrueVault Atlas was designed to take the strain out of day-to-day compliance with GDPR. The solution maps personal data across an organization’s systems, and through an automatically updated dashboard users can automate data subject access and erasure requests. The solution also provides automatic notifications on data processing activities and alerts on data stored in incorrect locations. The solution integrates with many third-party solutions such as MongoDB, Salesforce, Stripe, Slack, G Suite, and PostgreSQL.


TrueVault Safe Made Available Free of Charge for Nonprofit COVID-19 Projects

TrueVault has announced its HIPAA-compliant TrueVault Safe service is being offered free of charge for nonprofit COVID-19 projects and to...

TrueVault Launches TrueVault Atlas Cloud

TrueVault has announced it has launched a new cloud-based version of TrueVault Atlas, the self-managed solution that generates automatic...

TrueVault Releases New Solution to Automate GDPR Management

TrueVault Atlas is a new solution that has been developed to help organizations manage and automate daily GDPR tasks to ease the GDPR...

TrueVault Launches SecureVault Tokenization Engine

TrueVault has launched a new feature of its flagship healthcare HIPAA-compliant data storage solution, SecureVault. A Tokenization Engine...

Multi-Factor Authentication Capability Added to TrueVault Management Console

TrueVault, a provider of a HIPAA-compliant cloud storage platform for personally identifiable information, has announced that multi-factor...

TrueVault Connect Identity Management Solution Launched

TrueVault has announced that its new identity management solution, TrueVault Connect, first released to a select group of customers in...