
Health IT startup’s data storage tool aims to help HIPAA compliance for protected health info

The HIPAA Omnibus Final Rule implementation date is drawing closer and health IT startup TrueVault can hardly wait. It’s using the occasion as a marketing opportunity for the beta launch of its platform to provide back office compliance for apps.

TrueVault is targeting companies that collect protected health information. Although mobile health accounts for many customers such as healthcare app developers, it’s also providing its services to wearable health tech device makers, and other companies having trouble with HIPAA compliance.

For instance, the largest number of calls the company is getting is coming from e-commerce websites that collect PHI. They include companies that sell Continuous Positive Airway Pressure machines, oxygen tanks, and motorized scooters, among others. These e-commerce companies are storing diagnostic information, medical history records, and past and present medication data. All of this needs to be stored in compliance with HIPAA.

Jason Wang and Trey Swann are the co-founders of this backend-as-a-service data storage solution. In the same vein as more widespread software as a service companies, backend-as-a-service is a niche but growing area. Companies in this space provide integrated cloud-based backends for mobile app developers.


TrueVault wants to help companies store any data that’s created or received by a Covered Entity or a Business Associate, Swann said in an emailed response to questions. This data relates to past, present, or future physical or mental health conditions, the provision of health care, or payment for health care.

“Consumers want information, not data,” Swann said. “As a result, wearable health tech companies are building in features that allow the consumer-generated health information to feed up to Covered Entities for analysis. At this point the simple health data can become PHI. As soon as a doctor, an insurance company, or a pharmacy touches that data it may need to be protected at HIPAA-security levels.”

Swann adds that its customers want someone to carry them to HIPAA compliance, not just provide them a roadmap. He says its solution takes care of the physical and technical safeguards to help its customers comply with the final rule.

“TrueVault can help existing healthcare sites and apps become HIPAA compliant without going through a costly rebuild of their technology stack,” Wang said in a company statement. “We want our customers to focus on what they do best, leaving the ever-changing compliance requirements and security nightmares to us.”

Its data storage system allows users to store and retrieve any amount of data at any time from anywhere on the web, according to a company statement. It encrypts stored data with unique encryption keys for each object using the AES 256 encryption algorithm.

It also has a business associate agreement with its hosting provider.

The most obvious challenge TrueVault faces is its age. It’s launching at a time when some companies are looking for a company with a more established record of securing data, especially when they are facing punishing fines for compliance hiccups. Still, its timing and niche market target could make a difference and help set it apart from competitors.

Wang and Swann previously co-founded Keenful, a customizable product recommendation service for websites. They also worked together at ticketing website

Another company supporting mobile app developers in this area is

Last week Verizon told MedCity News that the threat of punitive fines from failing to meet HIPAA compliance requirements has been driving hospitals and health IT vendors to the cloud.

[Photo credit: First Aid Mobile from BigStock Photos]