ENGINEERING

Meeting Healthcare Analytics Needs with HIPAA and SOC Compliance

Alev Viggio

Compliance Manager, Sigma

The healthcare industry is one of the largest and fastest growing industries. In fact, according to Healthcare Service Global Market Opportunities Report” its global estimate is over $8 trillion today. Not only is the healthcare sector the largest employer in the US, but patient health data is skyrocketing too. The volume of healthcare data is projected to be over 2300 exabytes of data this year and will increase 48% annually1.

Now that’s a lot of data!

If your organization manages, processes or stores healthcare data (e.g., health insurance providers, pharmaceuticals, blood banks, health and fitness applications, genetic testing centers, medical and educational institutions, billing services, medical manufacturers, etc.), then you’ll want to explore and analyze this data.

Fortunately, Sigma Computing is now HIPAA compliant. We can help healthcare organizations with their regulatory and compliance requirements. Along with the attestation from a third-party audit, our product is designed with security in mind. One of the distinctions with Sigma’s application is the single point of access to your cloud data warehouse. The connection is direct and secure and provides query to live data. Since there is no data extraction—no data is ever moved, copied, cached or stored. The customer’s administrator defines access and permission levels and can restrict data from the database or even to row-level granularity.

The Sigma Spreadsheet interface is easy to use. That means anyone in your organization, with authorized access, can query data live against your data warehouse to analyze large datasets within minutes. It is scalable— meaning billions of rows of healthcare data that can be leveraged to make improvements, gain insights, and realize efficiencies.

$8T

The global estimate of the healthcare industry in 2020. 

What is HIPAA compliance?

The Health Insurance Portability and Accountability Act (HIPAA) provides the framework to address the security and privacy controls of protected health information (PHI). Since Sigma achieved HIPAA compliance, we’ve met the stringent list of requirements to maintain reasonable and appropriate administrative, technical, and physical safeguards of the HIPAA Security Rule.

HIPPA technical, physical, and administrative safeguards required to meet compliance. 

In order to comply with HIPAA, all Covered Entities are required to have a signed Business Associate Agreement (BAA) with any business associate that they hire and may come in contact with PHI.

For more information on signing a BAA, please reach out to your Sigma account executive.

What is SOC 1, SOC 2, SOC 3?

Sigma is committed to security and we’ve built an extensive security program to ensure we meet and exceed industry standards. We are SOC 1 Type II, SOC 2 Type II, and SOC 3 compliant and undergo an independent third party audit annually. Service Organization Control (SOC) reports are becoming more popular in data security, compliance discussions, and security reviews.

SOC reports are governed by the American Institute of Certified Public Accountants (AICPA). It offers assurance that the controls service organizations put in place to protect clients assets/data are effective. The basis for a SOC is how an organization secures customer data and how efficiently these controls are operating.

Each one of these reports serves a different purpose:

  • SOC 1 – the focus of service organization’s internal controls that can impact a customer’s financial statements.
  • SOC 2 – framework for determining whether a service organization’s controls and practices are effective in protecting the privacy and security of customer data. Since it includes detailed information, it is a restricted report and requires a Non-Disclosure Agreement before sharing.
  • SOC 3 – general use reports which provides a summary of the information from the SOC 2 report


For more information about our security and privacy practices, or to request a HIPAA audit report or SOC 1, SOC 2 report for Sigma, please contact your account executive. The SOC 3 report is also available on our website.