TL;DR: MedStack enables digital health innovation by empowering developers to meet privacy and security requirements while giving healthcare enterprises the confidence to onboard new technology. The HIPAA-compliant, all-in-one platform features cloud hosting, compliance automation, and built-in security protocols designed to get apps to market up to 60% faster. With plans for global expansion via active fundraising, MedStack continues to fuel the adoption of cutting-edge technology in the healthcare industry.
The healthcare industry is one of the largest and most essential in the world, and it’s ripe for innovation.
Between telemedicine, connected medical devices, billing and scheduling solutions, and electronic health records, developers are coming up with smarter, more effective ways to address the industry’s biggest problems.
Unfortunately, these forward-thinking innovations often come to a screeching stop when it’s time for adoption, leaving enormous untapped potential.
It’s not that hospitals and healthcare enterprises are tech laggards. Many want to embrace and recommend new products — just not at the cost of patient privacy. After all, confidentiality is part of the Hippocratic Oath:
Whatever I see or hear in the lives of my patients, whether in connection with my professional practice or not, which ought not to be spoken of outside, I will keep secret, as considering all such things to be private.
That’s where MedStack comes in. The HIPAA-compliant platform enables digital health innovation by empowering developers to meet privacy and security requirements, bringing cutting-edge technologies to the industry up to 60% faster.
“One of the biggest concerns in healthcare right now is privacy compliance,” said Natalie Calderon, Director of Brand and Community Marketing at MedStack. “It’s the reason why, despite the fact that tech companies have incredible ideas, they face difficulty gaining traction. MedStack’s goal is to make the transition from development to commercialization much smoother.”
The technology features cloud hosting, a containerized environment, compliance automation, and built-in protocols designed to accelerate adoption in the healthcare market by quickly meeting hospitals’ security and integration requirements.
Moving forward, MedStack aims to push the adoption of cutting-edge technology on an even grander scale, with plans to allocate current fundraising efforts toward global expansion.
A Secure, Time-Saving Platform for App-Enabled Healthcare
Natalie told us that MedStack is unmatched when it comes to supporting high standards in security and privacy. The technology codifies industry requirements into the cloud, allowing developers to focus on improving the user experience and workflow of their health apps.
MedStack’s developer-friendly approach is also flexible so that users don’t have to learn new tools. This includes support for all popular database systems, any Linux or .NET Core framework, and multiple continuous integration and continuous delivery (CI/CD) deployment choices. Ultimately, these benefits allow users to deliver better value to patients more quickly.
“We are a turnkey, all-in-one solution — hosting, tooling, security, and compliance built specifically for the needs of the healthcare industry,” Natalie said. “There’s nobody else doing that right now.”
With MedStack, developers can create fully compliant environments in just minutes and make instant changes as the business evolves. The platform removes burdens such as auditing, logging, backups, monitoring, encryption, port control, and access control.
And, with usage-based billing, companies can save a significant chunk of change. “Compliance can take up to six months if you’re building these solutions yourself, and it’s expensive — often totaling upward of $100,000 a year, which is cost-prohibitive for many early-stage companies,” Natalie said. “We’re a much more affordable solution.”
MedStack’s platform was built to guarantee the highest levels of data security. It offers full-stack compliance in both the U.S. and Canada, and an intelligent, AI-powered compiler creates secure environments in which every customer has their own virtualized space.
The technology also protects data through a defense-in-depth (DID) separation architecture, a hypervisor-based intrusion detection system, transport layer security (TLS) protocols, and two-factor authentication for admin access, among other measures.
Natalie said the platform serves as somewhat of a second insurance policy for startups. “It allows you to put worries about security and privacy compliance aside and focus on building what you know and love — the clinical aspects of your application, the UX, the UI,” she said.
MedStack also provides proof of compliance to hospitals and other buyers, which helps healthcare app startups in terms of sales readiness and growth.
Developing Amid Data Privacy Regulations: HIPAA, GDPR, & More
Co-Founders Balaji Gopalan and Simon Woodside first unveiled their idea for MedStack at an Apps for Health event in 2015. In the years since, Natalie told us that the regulatory environment has grown increasingly complex.
HIPAA was signed into law back in 1996 by President Bill Clinton, but other privacy laws, such as the European Union’s General Data Protection Regulation (GDPR), have come into force as recently as 2018.
MedStack is fully compliant with the high standards of multiple regulations, including HIPAA, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s Personal Health Information Protection Act (PHIPA), among others.
Building compliant servers is a complicated process. Ensuring a server is compliant with HIPAA, for example, requires adherence to a lengthy list of requirements, including everything from complete data encryption and audit logs to specialized data disposal methods and business associate agreements (BAAs).
To relieve developers of the burden of spending time and money on the architecture and legal work needed for compliance and interoperability, MedStack makes sure all these requirements are met. The platform also delivers automatic privacy impact and threat risk assessments, as well as compliance reports for HIPAA, GDPR, and ISO 27001.
In 2018, the company introduced a self-service active compliance system built via a partnership with Privacy Horizon that united infrastructure security, privacy training, and administrative policies for both HIPAA and GDPR within the platform.
In January, MedStack announced that the company had successfully completed its Service Organization Control (SOC) 2 Type 1 audit, which was conducted by an independent CPA firm. The audit report confirms that MedStack meets the SOC 2 Trust Service Principles of security, availability, and confidentiality.
“Helping to educate people on compliance is probably the toughest thing — it’s a complex topic and not the expertise of a lot of these innovators, doctors, and CTOs,” Natalie said.
Recently, she said there has been a lot of confusion around using Amazon Web Services (AWS) for HIPAA applications.
“Hosting is certainly one piece of the puzzle when it comes to being compliant, but ultimately the onus of responsibility falls on the customer to take care of the rest,” she said. “There are many additional safeguards, both technical as well as administrative, that MedStack provides on top of the physical safeguards required for HIPAA-compliant hosting in order to deliver strong compliance guarantees.”
Up Next: Future Expansion via Fundraising
When it comes to future development, Natalie told us MedStack relies heavily on both feedback from early-stage healthcare developers and industry and regulatory trends.
As for what’s next, MedStack is currently growing its business through outside investments via the next funding round.
“That will allow us to continue to expand outside of North America, where our focus lies right now,” Natalie said. “We have some customers in Europe, the Middle East, and Singapore, but we’ve really just scratched the surface of the international market.”
Natalie told us MedStack has a busy future ahead. “We’re still maturing, but I’m constantly reminding myself that we’re still very much ahead of the game,” she said.