HIPAA Compliance

Our Hydra Cloud storage solution provides a safe, secure, HIPAA compliant hosting environment for customers in the medical, dental and healthcare industry. They Hydra solution uses the following security safeguards to protect personal health information:

Encryption

All customer data sent to Datatility is encrypted with 256-bit AES encryption before transmission and then sent via an SSL connection. Private encrypt keys protect health data in such a way that not even Datatility has access to the data.

Data Backup and Disaster Recovery

Hydra Cloud utilizes Cleversafe’s patented dsNet® storage solution leverages information dispersal algorithms (IDA) coupled with encryption to virtualize, slice, and disperse data across a network of storage nodes that are entirely self-managed and self-healing. As a result, data is ultra-reliable and highly available, without the associated incremental costs and overhead found in traditional RAID and replication methods. Hydra Cloud’s technology ensures data security, even if data subsets are compromised.

Secure Data Centers

Datatility is located in data centers that are physically secure with protective measures that restrict personal access and comply with strict operational standards including the Statement on Auditing Standards (SAS) #70 and the Statement on Standards for Attestation Engagements (SSAE) #16. Additionally, onsite security officers guard all Datatility data center locations 24 hours a day, 365 days a year.

Log Retention

All user data access activities are captured in logs for each appliance in the system. These logs are retained permanently and can be used to determine which users have altered the contents of the storage system. The dsNet manager component of the storage system provides a facility to search the contents of these logs to identify various activities and correlate activities to events within the system.

Data Level Monitoring and Intrusion Detection

Through normal operations, the Hydra Cloud Solution system appends integrity checksums to the contents of each slice of data stored within the storage system. A constantly running background process checks the integrity of each slice of data in the system using the integrity checksum. If the contents of a slice are found to be missing or corrupt, the contents are rebuilt from the contents of the other slices in the system associated with the missing or corrupt slice.

Business Associate Agreement

A business associate agreement is not required with Datatility. These agreements are required where there is a reasonable probability that protected health information can be accessed. The encryption system used in our Hydra Cloud Solution means that Datatility never has access to your data.