About RosettaHealth
Interoperability in healthcare has become increasingly challenging and crucial as organizations continue to adopt new technologies and transfer data across a growing number of sources without a centralized method of communication.
Traditional methods to achieve this exchange and synthesis of health data are costly and time-consuming. Not all stakeholders collecting health data use the same methods of communication, vendors, and protocols, leaving some organizations completely unable to communicate with others, while others must pay per connection. Ensuring data is secure and meets regulatory requirements is another interoperability challenge, as some organizations may not be governed by the same regulations and standards as those with which they are communicating.
RosettaHealth, an innovative health exchange platform, relies on ClearDATA to maintain and enhance the security of their health IT infrastructure. ClearDATA’s role as an AWS Level 1 MSSP Partner ensures superior protection of RosettaHealth’s sensitive health data, providing continuous security monitoring and incident response services through AWS’s robust security tools. RosettaHealth’s SaaS-based data transport platform, HealthBus, normalizes and transports health events and records (EHRs) at scale across a variety of organizations such as hospitals, HIEs, and urgent and acute care systems. The platform allows for health data exchange over wide geographic areas at a fraction of the cost and effort of traditional methods.
Why Cloud
The Electronic Healthcare Network Accreditation Commission (EHNAC) was established to develop standard criteria and accredit organizations that electronically exchange healthcare data, and it is one of the governing mechanisms RosettaHealth has to go through in order to operate its platform. Initially, RosettaHealth hosted its platform in an on-premises data center due to EHNAC requiring an on-site visit as part of its accreditation assessment. However, the RosettaHealth team moved to AWS in 2018 once the cloud platform began permitting these visits.
On AWS, the RosettaHealth team leverages services such as EC2, S3, and RDS, as well as Lambda. Because their customers need to be able to transport data through the HealthBus platform with zero downtime, every single day, capacity planning can be difficult. Implementing serverless through Lambda allows the team a high degree of scalability, so they no longer need to estimate server usage and can come up with solutions more tailored to their customers. Prior to using the AWS cloud, RosettaHealth was managing security and compliance on their own—but as the number of customers on their platform grew, they looked to bring in a partner. A team of seven individuals, most with backgrounds in IT, RosettaHealth needed to find a partner that could not only manage the security and compliance of their platform, but also augment their team from an AWS expertise and engineering standpoint. Shortly after hosting their platform on AWS, RosettaHealth began researching partners.
Why ClearDATA
The RosettaHealth team was introduced to ClearDATA in 2018 at the Healthcare Information and Management Systems Society (HIMSS) Conference. ClearDATA stood out among other companies RosettaHealth researched in part due to their HITRUST certification. “By saying that we are in a HITRUST certified environment managed by ClearDATA, that gives our customers an extra warm and fuzzy,” says Kevin Puscas, RosettaHealth Chief Technology Officer. It is crucial for RosettaHealth to be able to prove the security of their environment to not only their customers, such as large HIEs, but also to their customers’ customers, such as acute and ambulatory care organizations, which are traditionally risk averse when it comes to transporting PHI.
RosettaHealth also values the healthcare expertise and familiarity with regulations outside of HIPAA that ClearDATA offers. According to Puscas, “ClearDATA was familiar with EHNAC and had helped other customers go through EHNAC audits, so being able to have a partner in that process was a tipping point for our team.” RosettaHealth uses the Compliance Dashboard reports for their upcoming EHNAC audits, reducing the amount of time it would take to pull together the necessary evidence on their own.
The Solution
ClearDATA’s Compliance Dashboard offers an instant view into RosettaHealth’s compliance posture, tracking the AWS controls relevant to HIPAA and HITRUST. ClearDATA’s automated safeguards ensure that changes are controlled, monitored, and logged, providing a real-time and historical view of the environment.
ClearDATA’s AWS MSSP capabilities also offer RosettaHealth the benefit of a layered approach to security. The service provides RosettaHealth with AWS WAF to protect their web applications from common web exploits, and AWS GuardDuty for intelligent threat detection. Furthermore, ClearDATA’s DDoS protection services ensure that RosettaHealth’s systems are continuously monitored and protected from malicious attacks.
In addition to the aforementioned benefits, ClearDATA provides RosettaHealth with extra layers of security through its AWS Level 1 MSSP capabilities. With this partnership, AWS’s broad range of advanced security tools is utilized to its full potential, enhancing RosettaHealth’s security measures.
ClearDATA’s AWS MSSP capabilities enhance RosettaHealth’s security monitoring with AWS CloudTrail, which keeps track of user activity, API usage, and resource modifications. This feature provides a detailed view of the security and operational health of RosettaHealth’s AWS environment, which is crucial for maintaining regulatory compliance and auditing.
Moreover, ClearDATA’s AWS MSSP partnership extends RosettaHealth’s security measures with AWS Shield, an advanced DDoS protection service. AWS Shield ensures that RosettaHealth’s system remains resilient against the largest and most sophisticated DDoS attacks, allowing uninterrupted access to their health exchange platform.
AWS Security Hub, another feature brought to the table by ClearDATA’s AWS Level 1 MSSP partnership, provides RosettaHealth with a comprehensive view of their security alerts and compliance status across AWS accounts. These AWS MSSP capabilities, combined with ClearDATA’s Compliance Dashboard, ensure that RosettaHealth’s compliance posture is consistently maintained and enhanced.
Additionally, their team can focus on core strategic initiatives and innovating on their platform while Comply software enforces compliance through automation of technical controls mapped to HIPAA standards via automated safeguards. “ClearDATA is the force multiplier. We are saving money by not having to hire half a dozen AWS engineers, and we wouldn’t be able to run the business model that we currently run,” says Puscas.
RosettaHealth Impact & Future Plans
As RosettaHealth continues to grow and scale with the current size of their team, ensuring security of sensitive data becomes increasingly crucial to the operation of their business. Their team will continue to rely on ClearDATA for both security and compliance, as well as the AWS expertise needed in order to adopt more services and understand ways to better utilize those services.
Currently, the RosettaHealth platform is “headless” – meaning that most customers interact with the platform through API calls. One of RosettaHealth’s priorities for the near future is to move from a black box to a more transparent platform and enable customers to do more within it, such as directly monitoring traffic flows and seeing route configurations. The team is exploring using services such as CloudWatch and Cognito to improve their customer experience, and it is crucial that the platform maintain tight security and compliance as customers gain more visibility into the platform and their data.
RosettaHealth also plans to go through their own HITRUST certification in the near future, as HITRUST has become increasingly necessary in their line of business. Their team plans to explore ClearDATA HITRUST Inheritance for controls covered through the inheritance program, to be able to achieve the certification in a timely manner.
ClearDATA’s partnership with AWS as a Level 1 MSSP provides RosettaHealth with robust and comprehensive security solutions that safeguard their health exchange platform, enabling them to focus on their core business: delivering innovative healthcare solutions.