TrueVault was formed in 2013 by Jason Wang and Trey Swann with the singular aim of helping healthcare organizations securely store personally identifiable information (PII) and protected health information (PHI) in the cloud. The company developed its AWS-based solution to simplify the complexities of data storage and HIPAA compliance and was the first data security company to be entirely focused on protecting PII and PHI.
Many healthcare organizations are now transitioning from on-premises infrastructure to the cloud and are using cloud providers such as AWS, Microsoft Azure, and Google Cloud to host applications that store or process PII and PHI. These cloud platform providers offer a HIPAA-compliant platform, but it is the responsibility of each healthcare organization to ensure its applications are compliant with HIPAA Rules.
TrueVault’s automated data protection solution serves as an alternative to developing applications in the cloud that incorporate all the necessary safeguards to ensure PII and PHI are protected to the stringent standards demanded by HIPAA.
The company’s HIPAA-compliant PII/PHI storage solution means healthcare organizations do not need to build a HIPAA-compliant application stack from scratch, thus saving them a considerable amount of development time. The TrueVault solution allows healthcare organizations to focus on creating their applications and building the core functionality of their software, while the security and compliance requirements surrounding PHI and PII storage are handled by TrueVault.
TrueVault has developed a secure RESTful API to store and search healthcare data in any file format and has implemented safeguards to satisfy the requirements of the HIPAA Security Rule. The company has entered into a business associate agreement with AWS that guarantees AWS will provide cloud infrastructure that is compliant with HIPAA. TrueVault then signs a business associate agreement with its healthcare clients confirming that it will comply with all aspects of HIPAA, that it has implemented appropriate safeguards to ensure the confidentiality, integrity, and availability of ePHI, that its staff have been trained on HIPAA requirements, and that it has HIPAA-compliant policies and procedures in place. TrueVault clients are also protected by a privacy and data breach insurance policy.
TrueVault Compliance Solutions
In addition to helping healthcare providers comply with HIPAA and store their data securely, the company also offers a solution to eliminate the complexity of compliance with the EU’s General Data Protection Regulation (GDPR). TrueVault’s core services are:
TrueVault for HIPAA
TrueVault for HIPAA is a turnkey solution for healthcare organizations that prefer not to build cloud-based HIPAA-compliant applications from scratch with a HIPAA-compliant hosting company. The solution accelerates time-to-market and reduces an organization’s liability by handing over certain HIPAA compliance requirements to TrueVault, which looks after importing and storing PHI on behalf of its clients.
TrueVault Safe is a purpose-built repository for storing PII and PHI in the cloud. The solution incorporates physical and technical safeguards for HIPAA compliance and complies with the data minimization requirements of GDPR. The solution is highly scalable and incorporates advanced security features to help comply with HIPAA, GDPR, and the California Consumer Protection Act (CCPA). Flexible JSON and BLOB document stores allow the tokenization of personal data, the solution creates immutable audit logs, and it provides robust identity management, access controls, and per-record encryption.
TrueVault for GDPR
TrueVault for GDPR was developed to simplify personal data management and eliminate the complexity of GDPR compliance. The solution automates the organizational requirements of GDPR and allows DPOs to easily prove they have complied with GDPR data protection regulations.
TrueVault Atlas was designed to take the strain out of day-to-day compliance with GDPR. The solution maps personal data across an organization’s systems, and through an automatically updated dashboard users can automate data subject access and erasure requests. The solution also provides automatic notifications on data processing activities and alerts on data stored in incorrect locations. The solution integrates with many third-party solutions such as MongoDB, Salesforce, Stripe, Slack, G Suite, and PostgreSQL.