Frequently Asked Questions

Why do I need a managed services provider (MSP) for my cloud infrastructure?

plus-iconMinus Icon

Most organizations are short-staffed when it comes to managing their cloud infrastructure. This can cause delays in application development and support. In addition, most organizations do not have the cloud expertise to effectively build and manage a HIPAA-compliant cloud infrastructure.

Inexperience can cause cloud services to be deployed incorrectly, causing reliability or scaling issues, and, even worse, HIPAA data breaches. A trusted healthcare MSP can ensure that your cloud services are designed, built, and managed properly, so you can focus on what you do best: your application.

What is Cloudticity's experience?

plus-iconMinus Icon

We have many firsts on the cloud, including the first patient portal deployed to the cloud, the first successful Meaningful Use II attestation for a large hospital system, the first health information exchange (HIE) deployed on the cloud, and the only FISMA-High workload on AWS GovCloud.

We are the only company in the world to have the unique combination of the following credentials:

  • HITRUST Certification
  • Microsoft Azure Gold Cloud Partner
  • AWS Audited Managed Services Provider
  • AWS Healthcare Competency
  • AWS DevOps Competency
  • AWS Public Sector Partner
  • AWS Authorized Commercial and Government Reseller
  • AWS GovCloud Authorized Partner
  • Three AWS Service Delivery Partner designations: EC2 Systems Manager, Service Catalog, and QuickSight

How is Cloudticity different from other AWS and Azure managed services providers (MSPs)?

plus-iconMinus Icon

At Cloudticity, we start everything with automation, and have been doing so since day one. This is a groundbreaking advantage because our platform, Cloudticity Oxygen™, allows fully HIPAA-compliant cloud services to be deployed in minutes instead of days or weeks.

This fully automated hosting platform is the most important difference. Other MSPs that claim to be automated tend to be manual behind the scenes. We’ll typically know if something is wrong with your infrastructure and fix the issue before you know anything is wrong.

We have many firsts on AWS, including the first patient portal deployed to the platform, the first successful Meaningful Use II attestation on the cloud, the first health information exchange (HIE) deployed on the cloud, and the only FISMA-High workload on GovCloud.

We are the only company in the world to have the unique combination of the following credentials:

  • HITRUST Certification
  • Microsoft Azure Gold Cloud Partner
  • Microsoft Azure Gold Application Integration
  • Microsoft Azure Gold Application Development
  • Microsoft Azure Silver DevOps
  • Microsoft Azure Silver Data Analytics
  • AWS Audited Managed Services Provider
  • AWS Healthcare Competency
  • AWS DevOps Competency
  • AWS Public Sector Partner
  • AWS Authorized Commercial and Government Reseller
  • AWS GovCloud Authorized Partner
  • Three AWS Service Delivery Partner designations: EC2 Systems Manager, Service Catalog, and QuickSight

Has Cloudticity or its systems ever experienced a security breach?

plus-iconMinus Icon

No system under our management has ever experienced a HIPAA breach or violation.

Why should I use a healthcare-exclusive MSP for my cloud infrastructure?

plus-iconMinus Icon

Healthcare is a highly regulated industry, with requirements that change often and affect compliance. Generalist MSPs often lack the resources and expertise to keep up with ever-changing regulatory requirements. 

Generalist MSPs are also not as experienced in deploying and maintaining a HIPAA-compliant server infrastructure. Inexperience leads to mistakes, which can lead to a data breach. In fact, we have found that most healthcare organizations that use generalist MSPs are not fully HIPAA compliant when it comes to their server infrastructure.

What are the consequences of a HIPAA data breach?

plus-iconMinus Icon

HIPAA data breaches can be an end of life event for a company. Studies have shown that most small- and medium-size companies go out of business within six months of a data breach.

The average cost of a healthcare data breach in 2018 was $408 per patient record, according to a study conducted by the Ponemon Institute on behalf of IBM Security. The combination of federal and state fines, class action lawsuits, and bad press can be too much for an organization to overcome.

When it comes to HIPAA data, how does Cloudticity interface with cloud service providers (CSPs) and clients? Who manages the information relationship with the CSP?

plus-iconMinus Icon

Cloudticity is an AWS and Azure reseller and audited managed services provider. We maintain the relationship and business associate agreement (BAA) with each client, and also manage the interaction and interface with the CSPs.

Can Cloudticity help with my HITRUST Certification journey?

plus-iconMinus Icon

Yes. Cloudticity is HITRUST Certified, and you can inherit many of Cloudticity's HITRUST controls. The Cloudticity HITRUST Inheritance Program provides a path for healthcare organizations to become fully HITRUST certified in a matter of months at a fraction of the cost of the traditional route.

Many providers and payers require technology vendors to be HITRUST certified.

In addition, a number of insurance companies have already mandated this as well. These new developments have left healthcare technology companies scrambling to achieve HITRUST certification. Cloudticity saw this trend coming well in advance and created a solution to help you meet your aggressive HITRUST goals.

Does Cloudticity offer professional services on the cloud?

plus-iconMinus Icon

Yes. Cloudticity’s professional services team provides application architecture, cloud migrations, and data lake builds, as well as building rational DevOps practices that leverage cloud infrastructure as code.

We have an exceptionally strong DevOps practice, so we can help customers build integration pipelines, deployment pipelines, full automation of code deployments, infrastructure deployments, and more.

Does Cloudticity offer a business associate agreement (BAA)?

plus-iconMinus Icon

Yes. Cloudticity offers a comprehensive BAA. Cloudticity will also sign your BAA. Learn more about obtaining a BAA.

Does Cloudticity offer cloud migration services?

plus-iconMinus Icon

Yes. Cloudticity has performed many migrations to AWS and Azure with no downtime to the customer's end users. The key to a successful cloud migration is proper planning. Cloudticity is happy to speak with you about a customized migration plan.

What is the full scope of services from Cloudticity Oxygen™?

plus-iconMinus Icon

The HITRUST-certified Cloudticity OxygenTM platform is a fully managed service that offers workloads specifically designed for HIPAA on AWS and Azure. Oxygen has three pillars:

  • Managed services include a 24/7 help desk, full-system monitoring, and automation of routine tasks such as patching and backups. Most help desk tickets are resolved through automation.
  • Managed compliance includes thousands of continuous compliance checks of both AWS and OS configurations, mapped to HIPAA CFRs and HITRUST CSF requirements with automated remediations.
  • Managed security includes a full HITRUST-certified security operations center, including intrusion detection and prevention, log monitoring, file integrity monitoring, and real-time malware prevention.

Cloudticity Oxygen is a fully managed service. What other services or platforms does Cloudticity offer if we don't need a fully managed service?

plus-iconMinus Icon

Cloudticity Oxygen is a full package, meaning clients can't turn pieces on and off, other than the optional addition of Trend Micro Deep Security (which is highly recommended). Oxygen is applied at the AWS account level, meaning clients can have multiple accounts and choose to have Cloudticity manage a subset of them.

What does the transition for onboarding/offboarding clients look like?

plus-iconMinus Icon

Cloudticity Oxygen is a full package, meaning clients can't turn pieces on and off, other than the optional addition of Trend Micro Deep Security (which is highly recommended). Oxygen is applied at the AWS account level, meaning clients can have multiple accounts and choose to have Cloudticity manage a subset of them.

What level of design support does Cloudticity offer?

plus-iconMinus Icon

Cloudticity's professional services team offers deep expertise in advanced cloud technologies as they apply to healthcare workloads, centered around four practice areas:

  1. Migration to AWS and/or Azure
  2. Optimization of application architecture to become cloud-native, leveraging modern architecture techniques and cloud-native services
  3. DevSecOps automation
  4. Healthcare data ingestion, management, and analytics at scale, including data lakes, BI analytics, visualization, and artificial intelligence/machine learning

Does it matter which development language we use?

plus-iconMinus Icon

Cloudticity is language- and technology-agnostic, so feel free to use whatever programming languages and environments make sense for your team and applications.

What is the best architecture for disaster recovery in small, single regions?

plus-iconMinus Icon

We will need to perform an architectural assessment that factors in parameters such as required recovery time objective (RTO) and recovery point objective (RPO). Cloudticity always recommends redundant components deployed across multiple availability zones within any particular region, so that failure of an individual component doesn't necessarily result in overall system failure.

In addition, we have standard patterns for self-healing systems, such as the use of auto-scaling groups that recreate failed EC2 instances automatically.

Is Cloudticity’s development outsourced or done in-house?

plus-iconMinus Icon

Cloudticity does not use contractors for client-facing work. We limit the use of outsourcers to administrative tasks such as marketing, documentation, and website maintenance. 

All client-facing Cloudticity personnel are full-time employees, US citizens who have passed complete background checks. Most employees maintain US government secret-level clearance for the work we do with the Department of Veterans Affairs.

Have you done any projects with the US government? Are you able to meet the US government’s security standards?

plus-iconMinus Icon

Cloudticity does extensive work with the VA on GovCloud and manages the only FISMA-High workload ever deployed to that environment. As a result, most of our technical staff maintain US government secret-level clearance to work on that project.

Service, Technology, And Security Partners

 

We work with select partners to deliver unmatched solutions for healthcare organizations.

 

CS_Logo_2022_Stacked_Full-Red_RGB PANW_Parent_Brand_Primary_Logo_RGB aws-logo-280 Microsoft-Logo Google_Cloud_Partner_no_outline_horizontal logo-zendesk hitrust-logo-r-color-1