Startup Aptible strives to be the TurboTax for HIPAA compliance

Anyone remotely close to the healthcare sector knows that HIPAA compliance is nothing to be taken lightly, from the big health systems to the startups looking to tap into potentially vast knowledge gleaned from patient data. And startups in particular face a daunting task convincing the healthcare giants they hope to work with that, while they may be adept at creating software and applications, they’ve also mastered the art of appeasing regulators.

That’s where San Francisco-based Aptible, a new startup backed by Y Combinator and incubated at Rock Health, hopes to step in. The three-person company launched earlier this week with its platform that seeks to make HIPAA compliance for software developers as easy as TurboTax – a straightforward process for an otherwise complex puzzle.

“HIPAA is like the one-size-fits-all regulation,” CEO Chas Ballew said, noting that hospitals, physician practices, payers and anyone working within the healthcare space have to adhere to the law all the same. “That includes tech, all IT, software vendors, whether it’s startups or big companies and consultants.”

To streamline the process, Ballew said Aptible has developed a secure, cloud-based system, comparable to the infrastructure Amazon and other cloud providers use for handling sensitive financial data. There, a mobile or software developer can deploy an application whose data Aptible keeps secure, while Aptible walks the developer through a TurboTax-style questionnaire that establishes HIPAA compliance.

It does require some level of human oversight given the complexity of HIPAA, but Ballew said it’s vastly more efficient than current compliance practices, which can involve hundreds of hours with consultants that cost tens of thousands of dollars. By contrast, Ballew said Aptible can show HIPAA compliance within a day.

“It’s not entirely turnkey. There is definitely a human touch that matters, but we do make it really, really easy to demonstrate (compliance), not just say it, but show they’re in compliance,” said Ballew, who worked as an attorney on government regulatory issues.

Ballew said developer customers of Aptible have been able to land contracts with and persuade several healthcare giants, among them Johns Hopkins, Brigham and Women’s and Catholic Health East, to name a few.

Aptible charges a monthly fee for its deployment platform of about $3,500, but Ballew said that’s a fraction of what it typically costs to achieve compliance, which can run between $50,000 and $100,000 in consulting fees alone. And the average HIPAA breach costs the violating entity $2 million over two years, according to Aptible, citing a Ponemon Institute 2014 Cost of Data Breach Study. The company will also maintain compliance and secure data storage for developers on an ongoing basis.

Ballew started the company with software engineer and CTO Frank Macreey after a blog post from Rock Health listed streamlined HIPAA compliance on a startup wish-list. Aptible is open source, so Software as a Service companies can use their own programming rather than be limited to HIPAA-specific tools.