The US Government officially endorses NIST standards as the pathway to HIPAA compliance. Unlike standards such as PCI, there isn't an official HIPAA / HITECH certification, which has led to an abundance of (expensive) proprietary certification programs. Unfortunately, some of the biggest breaches in recent years have occurred in healthcare organizations that were vetted and "certified" by the same vendor programs.
The Healthcare Blocks team and its compliance and legal partners advocate ongoing compliance efforts and re-assessment of policies and procedures as new threats arise and previously approved standards are weakened. We believe in strength of numbers: being audited by one party is not good enough. That's why Healthcare Blocks is audited on a regular basis by security professionals representing hospitals such as Kaiser Permanente, financial firms such as Morgan Stanley, and consulting firms specializing in HIPAA compliance such as Clearwater Compliance.
In addition, our platform is subject to a penetration test performed by third-party vendors on behalf of our customers, on average every 1-2 months. Our platform has passed every test since our inception in September 2013. Customers, such as Brijesh Patel from InquisitHealth (recently accepted into DreamIt Health Ventures), have used the results of these tests to help land new customers.
Healthcare Blocks does not operate its own datacenter. Instead, we've partnered with Amazon Web Services, which is responsible for managing the infrastructure layer. We have a mutual Business Associate Agreement in place as of November 4, 2013. SOC reports are available upon request and require the signing of a non-disclosure agreement.