TrueVault Compliance


A development platform for healthcare apps




Everything you need

Your application is guaranteed to meet all HIPAA technical requirements (Physical and Technical Safeguards) when you plug in TrueVault’s HIPAA-upgraded components. Hosting services only help you with parts of HIPAA compliance. TrueVault covers all your bases.

Fastest way to compliance

Trying to figure out what you need to implement to meet HIPAA requirements is time-consuming. Use TrueVault-provided components and your app is instantly HIPAA compliant. You should spend your time on product improvements, not on becoming a HIPAA legal expert.

Scalable Pricing + Insurance

Use TrueVault for free while you develop your app. When you are ready to go live, TrueVault’s pricing model is designed to scale with your business. For additional peace of mind, all data stored in TrueVault is covered under our Cyber Liability/Breach Insurance.

Check off all HIPAA requirements with TrueVault

TrueVault provides everything your application needs to meet the requirements under HIPAA's Physical and Technical Safeguards. HIPAA-compliant hosting providers can only help you with Physical Safeguards, leaving you on your own to figure out what your obligations are under the Technical Safeguards. With TrueVault, you save time and get everything you need to make your application HIPAA compliant.

TrueVault: total compliance

Physical Safeguards
Technical Safeguards

HIPAA-compliant hosting: partial compliance

Physical Safeguards
Safeguards compared for TrueVault and hosting:

Physical Safeguards: Facility Access Controls, Workstation Use, Device and Media Controls

Technical Safeguards: Access Control, Audit Controls, Integrity, Authentication, Transmission Security

Everything your app needs to be HIPAA compliant

Every TrueVault feature is designed to work together to give your application everything it needs to meet HIPAA requirements. Use our IAM service to manage your users and TrueVault will automatically log all user-related activities in our immutable audit log. Tokenize Personally Identifiable Information using our JSON and BLOB stores so you never have to worry about storing sensitive data in your production environment. Underpinning all TrueVault services is our platform specifically designed to protect the world's most sensitive data.

Identity & Access Management

Authentication

Don’t reinvent the wheel; let TrueVault manage user authentication with robust security protections. Save time and reduce risk.

Profile Management

Personalize your app while staying secure with TrueVault’s flexible user profile management tools.

Role & Ownership-based Authorization

Tight access control is a crucial part of security and compliance. With TrueVault’s flexible Group Policies, you can effortlessly stay compliant and prevent leaks.

Data Tokenization

Secure JSON document store

Store any structured data in TrueVault with our flexible document store. No need to conform to a preset schema, structure your data to fit your app.

Secure file storage

Protect any unstructured data, like PDFs, images, and custom file formats.

Secure Search

Quickly search through millions of JSON documents using flexible queries.

Hardened Security

Immutable audit logging

Every operation in TrueVault is logged and associated with an authenticated user, ensuring no action goes unnoticed. Save time and money by offloading this detailed, pervasive record keeping.

Per-record encryption

TrueVault stands apart by encrypting each record individually, improving security systemically by never creating a master key.

Encryption at rest and in transit

Sensitive data is encrypted immediately and is protected in transit and at rest, exceeding HIPAA requirements and protecting against advanced threats.

Achieve higher security standards with Advanced Security

TrueVault Compliance Advanced Security includes additional security features to meet your higher security standards. Your users and their data will be protected from a wide range of attacks including social engineering and ransomware attacks. These features are not only necessary in today's cybersecurity climate, they may also be mandated by many Covered Entities.

User MFA

Safeguard your users from phishing and other social engineering attacks by enabling Multi-Factor Authentication. Even if a user’s password is guessed or stolen, your data is protected behind a second layer of authentication.

Immutable Document Versioning

Protect yourself from ransomware attacks and accidental loss by keeping a tamper-proof secondary copy of each version of your data. No matter what happens, you can always restore records to previous versions quickly, without the loss-windows that come with periodic backups.

Password Policy

Comply with organization security rules by requiring strong passwords. TrueVault lets you customize your password requirements so you can be flexible in the face of partner requirements and security assessments.

F.A.Q.

How is TrueVault Different?

TrueVault is the only product that allows you to become HIPAA compliant without overhauling your entire application and migrating your infrastructure. This makes TrueVault the easiest way to become compliant, but being compliant isn’t enough to prevent breaches. TrueVault goes further than any other HIPAA Compliant offering to provide earnest, systemic security that will help you keep your data secure and private. At TrueVault, security is our priority and our passion. We’ll make you compliant quickly, and we’ll keep your data secure as your business grows.

Can I write custom code in TrueVault?

TrueVault is designed to complement your existing infrastructure, so you don’t need to write code in TrueVault. By following the de-identification path to compliance, you can write your application in any technology stack you like and run it anywhere you like, unencumbered by HIPAA safeguards. As long as you de-identify the data you process on your servers, and store the identifying information securely in TrueVault, you can run your code anywhere you like. Your developers will love the flexibility of using the right tool for the job, and you’ll benefit from better performance at a lower cost.

Will you help me in a security assessment?

Absolutely. One of the advantages of using TrueVault is that our platform makes it easy to satisfy security assessments, and our team’s experience helps ensure a smooth approval. Over the years we’ve helped customers through countless third-party security assessments. Most assessments follow a common pattern, so we’ve built up a suite of documentation to help auditors and partners easily understand the security advantages of TrueVault. When we run into new questions, we’re happy to help you find the right answers.

Do I have to port my code to run on TrueVault?

Nope! If you have an existing application that you want to make compliant using TrueVault, you can continue running your existing code the way you do today with small tweaks here and there to de-identify your data. If you store all the identifying information securely in TrueVault, then the de-identified data set can be stored and processed anywhere, with no obligation to adhere to the safeguards mandated by HIPAA.

Why is it better to use TrueVault than compliant-hosting?

Compliant hosting offerings are only able to solve a very narrow slice of HIPAA Compliance: the physical safeguards. Your hosting provider sees your application as a black box, so they can’t help you build authentication securely, enforce access control, or even keep a complete Audit Log. TrueVault does all of these things out of the box. In addition to our compliant and secure data store, we also handle user authentication and access control, comprehensive and tamper-proof audit logging, as well as protection from advanced threats like ransomware. TrueVault is simultaneously more comprehensive, and more flexible. Because our API is modular, you can pick and choose how deep your integration with TrueVault is and how much of the HIPAA burden you offload. In some cases, we serve as the only backend for web and mobile applications. In others, we manage users’ identity and their access to sensitive data, but nothing else. Your team can decide how to get the most out of TrueVault, and our onboarding and support teams are here to ensure your integration is tailor fit to your needs.

How much work is it to switch to TrueVault?

If you have an existing application that you want to make compliant using TrueVault, you may be surprised how quick and easy the process is. By following the de-identification path to compliance, you can leave the vast majority of your application untouched. Start using TrueVault to store identifying information, such as names and phone numbers, and leave your non-identifying information as it is. You will need to edit your application source to make this change, but many customers find that it can be done in a matter of days. Of course, this depends on your specific use case. To learn more about what it takes, schedule a free whiteboarding session with the TrueVault team to talk about your specific application.

Did we miss your question?

Send us your question, or ask it on StackOverflow (tag it with 'truevault')

Ready to get started?

Get in touch, or create an account (remember: TrueVault is free until you are ready to go live)