How A Leading Healthcare Company Stays HIPAA-Compliant with MetaRouter

Integrating marketing and analytical tools with HIPAA is no small feat. With regulations around audits, remediation plans, staff training, documentation, formal Business Associate Agreements (BAAs), and even incident plans, HIPAA is one of the most stringent regulations in effect.

Any organization managing protected health information (PHI)—or performing services for a covered entity handling PHI—can’t use the typical SaaS tools for marketing and analytics unless those tools are also HIPAA compliant, which is almost never the case.

Simply put, sharing customer data in a high compliance world is sometimes impossible and always risky.

The Challenge with HIPAA

One of our partners, McGaw, provides marketing stack and automation, funnel optimization, and analytics and metrics for big-name brands like Kissmetrics, Forks over Knives, Funding Circle, and more. One of their clients in the healthcare industry needed a HIPAA-compliant data routing platform. They couldn't find one...

Specifically, their client wanted to stream customer data—which contained PHI—to tools like Google Analytics and Amplitude, while also storing a copy in Amazon Simple Storage Service (S3) for internal use. This required a HIPAA compliant data routing platform willing to sign a BAA.

Of course, even asking for a signed BAA is somewhat risky: at the end of the day, an organization is still putting compliance in the hands of a third party and losing control. What our client really wanted was easy, reliable, and compliant integration.

That's where MetaRouter came in.

The MetaRouter Solution

When a client is HIPAA compliant, MetaRouter is HIPAA compliant. The entire platform is designed to be deployed on any private cloud, with MetaRouter's direct data access removed, placing governance completely in the hands of the organization.

Our insurer could, then, deploy MetaRouter on their private Amazon Web Services (AWS) instance and leverage MetaRouter's proprietary server-side integration library, keeping all the data processing and transportation secure from collection to delivery. They could even redact or encrypt parts of the data payload in transit, for some or all of the destinations, right from the platform.

This approach eliminated the risk of a HIPAA breach so completely that they didn’t even require MetaRouter to sign a BAA. And because MetaRouter is cloud and message-queue agnostic, it fits neatly into their existing system and vendor preferences.

Thanks to MetaRouter's secure-by-design approach, this HIPAA compliant health organization knows that their PHI is in good hands: their own.