Most organizations are short-staffed when it comes to managing their cloud infrastructure. This can cause delays in application development and support. In addition, most organizations do not have the AWS expertise to effectively build and manage a HIPAA-compliant AWS infrastructure.
Inexperience can cause AWS services to be deployed incorrectly, causing reliability or scaling issues, and, even worse, HIPAA data breaches. A trusted healthcare MSP can ensure that your AWS services are designed, built, and managed properly, so you can focus on what you do best: your application.
At Cloudticity, we are experts in helping healthcare organizations establish and maintain HIPAA compliance in the AWS cloud. We have worked exclusively in this area for over eight years.
Cloudticity has built some of the largest healthcare systems on AWS, including the first patient portal for a major healthcare system, the first healthcare information exchange (HIE), the first FISMA high deployment on AWS GovCloud, and the first Meaningful Use 2 (MU2) compliance.
At Cloudticity, we start everything with automation, and have been doing so since day one. This is a groundbreaking advantage because our platform, Cloudticity Oxygen™, allows fully HIPAA-compliant AWS services to be deployed in minutes instead of days or weeks.
This fully automated hosting platform is the most important difference. Other MSPs that claim to be automated tend to be manual behind the scenes. We’ll typically know if something is wrong with your infrastructure and fix the issue before you know anything is wrong.
We have many firsts on AWS, including the first patient portal deployed to the platform, the first successful Meaningful Use II attestation on AWS, the first health information exchange (HIE) deployed on AWS, and the only FISMA-High workload on GovCloud.
We are the only company in the world to have the unique combination of the following credentials:
No system under our management has ever experienced a HIPAA breach.
Healthcare is a highly regulated industry, with requirements that change often and affect compliance. Generalist MSPs often lack the resources and expertise to keep up with ever-changing regulatory requirements.
Generalist MSPs are also not as experienced in deploying and maintaining a HIPAA-compliant server infrastructure. Inexperience leads to mistakes, which can lead to a data breach. In fact, we have found that most healthcare organizations that use generalist MSPs are not fully HIPAA compliant when it comes to their server infrastructure.
HIPAA data breaches can be an end-of-life event for a company. Studies have shown that most small- and medium-size companies go out of business within six months of a data breach.
The average cost of a healthcare data breach in 2018 was $408 per patient record, according to a study conducted by the Ponemon Institute on behalf of IBM Security. The combination of federal and state fines, class action lawsuits, and bad press can be too much for an organization to overcome.
Cloudticity has created a free automated HIPAA technical assessment for existing AWS accounts. Additional details can be found here.
Cloudticity is an AWS reseller and audited managed services provider. We maintain the relationship and business associate agreement (BAA) with each client, and also manage the interaction and interface with AWS.
Yes. Cloudticity is HITRUST certified, and you can inherit many of Cloudticity's HITRUST controls. In fact, Cloudticity just made your HITRUST journey even easier with the launch of HITRUST in Box. This solution provides a path for healthcare organizations to become fully HITRUST certified in a matter of months at a fraction of the cost of the traditional route.
The Provider Third-Party Risk Management Council recently announced that in less than 24 months, its member organizations will require technology vendors to be HITRUST certified.
In addition, a number of insurance companies have already mandated this as well. These new developments have left healthcare technology companies scrambling to achieve HITRUST certification. Cloudticity saw this trend coming well in advance and created a solution to help you meet your aggressive HITRUST goals.
Yes. Cloudticity’s professional services team provides application architecture, AWS migrations, and data lake builds, as well as building rational DevOps practices that leverage AWS infrastructure as code.
We have an exceptionally strong DevOps practice, so we can help customers build integration pipelines, deployment pipelines, full automation of code deployments, infrastructure deployments, and more.
Yes. Cloudticity offers a comprehensive BAA. Cloudticity will also sign your BAA. Learn more about obtaining a BAA.
Yes. Cloudticity has performed many migrations to AWS with no downtime to the customer's end users. The key to a successful cloud migration is proper planning. Cloudticity is happy to speak with you about a customized migration plan.
The HITRUST-certified Cloudticity Oxygen™ platform is a fully managed service that offers workloads specifically designed for HIPAA on AWS. Oxygen has three pillars:
Cloudticity Oxygen is a full package, meaning clients can't turn pieces on and off, other than the optional addition of Trend Micro Deep Security (which is highly recommended). Oxygen is applied at the AWS account level, meaning clients can have multiple accounts and choose to have Cloudticity manage a subset of them.
Onboarding (and offboarding, although rare) is accomplished through automation as much as possible, and generally takes place in a few hours. We can add an existing AWS account into Cloudticity Oxygen, and also remove Oxygen and return an account to client management as necessary.
Cloudticity assigns a team of technical resources to each client to assure 24/7 coverage while still maintaining consistency of personal relationships. We also assign a client success manager, as well as perform quarterly architectural reviews.
Cloudticity's professional services team offers deep expertise in advanced AWS technologies as they apply to healthcare workloads, centered around four practice areas:
Cloudticity is language- and technology-agnostic, so feel free to use whatever programming languages and environments make sense for your team and applications.
We will need to perform an architectural assessment that factors in parameters such as required recovery time objective (RTO) and recovery point objective (RPO). Cloudticity always recommends redundant components deployed across multiple availability zones within any particular region, so that failure of an individual component doesn't necessarily result in overall system failure.
In addition, we have standard patterns for self-healing systems, such as the use of auto-scaling groups that recreate failed EC2 instances automatically.
Cloudticity Oxygen pricing is based on a percentage of the monthly AWS bill, with a minimum $2,500 monthly service charge.
Cloudticity does not use contractors for client-facing work. We limit the use of outsourcers to administrative tasks such as marketing, documentation, and website maintenance.
All client-facing Cloudticity personnel are full-time employees, US citizens who have passed complete background checks. Most employees maintain US government secret-level clearance for the work we do with the Department of Veterans Affairs.
Cloudticity does extensive work with the VA on GovCloud and manages the only FISMA-High workload ever deployed to that environment. As a result, most of our technical staff maintain US government secret-level clearance to work on that project.