Health IT startup’s data storage tool aims to help HIPAA compliance for protected health info

8:15 am by | 2 Comments

First Aid Smartphone mobile health digital health mhealthThe HIPAA Omnibus Final Rule implementation date is drawing closer and health IT startup TrueVault can hardly wait. It’s using the occasion as a marketing opportunity for the beta launch of its platform to provide back office compliance for apps.

TrueVault is targeting companies that collect protected health information. Although mobile health accounts for many customers such as healthcare app developers, it’s also providing its services to wearable health tech device makers, and other companies having trouble with HIPAA compliance.

For instance, the largest number of calls the company is getting are coming from e-commerce websites that collect PHI. They include companies that sell Continuous Positive Airway Pressure machines, oxygen tanks, motorized scooters, among others. These e-commerce companies are storing diagnostic information, medical history records, past and present medication data. All of this needs to be stored in compliance with HIPAA.

Jason Wang and Trey Swann are the co-founders of this backend-as-a-service data storage solution. In the same vein as more widespread software as a service companies, backend-as-a-service is a niche but growing area. Companies in this space provide integrated cloud-based backends for mobile app developers.


TrueVault wants help companies store any data that’s created or received by a Covered Entity or a Business Associate, Swann said in an emailed response to questions. This data relates to past, present, or future physical or mental health conditions, the provision of health care, or payment for health care.

“Consumers want information, not data,” Swann said. “As a result, wearable health tech companies are building in features that allow the consumer-generated health information to feed up to Covered Entities for analysis. At this point the simple health data can become PHI. As soon as a doctor, an insurance company, or a pharmacy touches that data it may need to be protected at HIPAA-security levels.”

Swann adds that its customers want someone to carry them to HIPAA compliance, not just provide them a roadmap. He says its solution takes care of the physical and technical safeguards to help its customers comply with the final rule.

“TrueVault can help existing healthcare sites and apps become HIPAA compliant without going through a costly rebuild of their technology stack,” Wang said in a company statement. “We want our customers to focus on what they do best, leaving the ever-changing compliance requirements and security nightmares to us.”

Its data storage system allows users to store and retrieve any amount of data at any time from anywhere on the web, according to a company statement. It encrypts stored data with unique encryption keys for each object using AES 256 encryption algorithm.

It also has a business associate agreement with its hosting provider.

The most obvious challenge TrueVault faces is its age. It’s launching at a time when some companies are looking for a company with a more established record of securing data, especially when they are facing punishing fines for compliance hiccups. Still, its timing and niche market target could make a difference and help set it apart from competitors.

Wang and Swann previously co-founded Keenful, a customizable product recommendation service for websites. They also worked together at ticketing website

Another company supporting mobile app developers in this area is

Last week Verizon told MedCity News that the threat of punitive fines from failing to meet HIPAA compliance requirements has been driving hospitals and health IT vendors to the cloud.

[Photo credit: First Aid Mobile from BigStock Photos]

Copyright 2015 MedCity News. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Stephanie Baum

By Stephanie Baum

Stephanie Baum is the East Coast Innovation Reporter for She enjoys covering healthcare startups across health IT, drug development and medical devices and innovations deployed to improve medical care. She graduated from Franklin & Marshall College in Pennsylvania and has worked across radio, print and video. She's written for The Christian Science Monitor, Dow Jones & Co. and United Business Media.
Visit website | More posts by Author


Is this just for mobile app developers? How about data portability? I'm looking for a no lock-in guarantee. 

I've been evaluating solutions and consulting companies for a while now, and I just keep finding audits, assessments, and checklists. This seems promising...


@AJ  -- Yes, TrueVault offers data portability. No lock-in here.

Think of TrueVault as the back end of your application. You build your software on top of TrueVault and leave the regulations to us. TrueVault will handle all Technical and Physical Safeguards, as outlined in the Security Rule, for you. That piece of HIPAA is taken care with TrueVault.

But, there are a lot of moving pieces with HIPAA, and so compliance management should not be ignored. You have to do Risk Assessments annually, assign a Privacy Officer, have policies & procedures in place, implement employee training, and execute Business Associate Agreements with anyone you share PHI with.

These administrative components are really important when implementing a HIPAA compliance program.

I think that Accountable does a great job automating this process. Checkout