Hacker News

A thought occurs to me: how would you envision this working for healthcare data governed under HIPAA? As you're probably aware, the requirement is to have PHI "encrypted at rest" and that I'm not supposed to share or transmit the data outside of my infrastructure or to that of partner companies who've signed a BAA.

My understanding of the regulatory parts of the law here is probably flawed in some way, so I apologize for that in advance, but could you go into a little detail about how that might work from a business-to-business/contracts standpoint? Like, do you guys sign BAAs at all, or are you outright going to be refusing healthcare-related business/processing of PHI for some reason?

(Either answer is fine, I just want to know if this is a decent fit for HIPAA-governed data, that's all.)




Yes! We have and will enter into BAAs under HIPAA for healthcare use cases, and are independently audited for HIPAA controls.



