Establishing Application Security While Navigating HIPAA Compliance
Creating a Holistic Security Program From the Ground Up
Riva Health is a digital cardiology platform founded in January 2020. Headed up by Dag Kittlaus, the cofounder of Siri (yes, that Siri), Riva Health is launching a new era of cardiovascular healthcare, using mobile technology and AI to drastically improve hypertension management. As an app designed with innovative sensor technology, it will let individuals take clinically validated blood pressure readings in a matter of seconds, all from their smartphone, and Riva Health is currently working towards FDA clearance of that technology.
The algorithms that power Riva Health were developed by cofounder Tuhin Sinha, whose father died due to heart disease before the age of 60. This personal connection led Sinha to pursue a better way to manage and monitor heart health.
The Challenge
As a cloud-based application designed to handle sensitive healthcare information, Riva Health faced two primary security challenges. First, as a cloud-based app, it was critical to develop a secure environment to house its technology while meeting the requirements to limit potential risks found on iOS and Android. Second, collecting and storing protected health information (PHI) involves meeting specific Health Insurance Portability and Accountability Act of 1996 (HIPAA) guidelines and regulations. With hundreds of pages of policy to digest and understand properly, this large undertaking presents numerous pitfalls that could derail the platform’s approval or lead to significant penalties in the future.
The Solution
From the beginning, Riva Health knew it couldn’t get its product to the market on its own without substantial delays — no matter how talented its internal team was. Understanding that cybersecurity is a strategic investment in business, they didn’t want to cut any corners when it came to expertise and customer service.
Riva Health knew its needs were unique, and its status as a startup presented different challenges compared to other well-established companies. In Cyber Defense Group, they finally found a cybersecurity partner that was both technologically proficient and flexible in providing a personalized customer experience at every stage.
Cyber Defense Group’s comprehensive approach to vCISO services facilitated seamless integration, effectively becoming an extension of the Riva Health team. In doing so, they got to understand its exact needs, timelines, and goals. As a result, Cyber Defense Group successfully implemented tailored cybersecurity solutions that met Riva Health’s application needs, establishing a secure cloud-based environment for operations. They also helped Riva Health understand and meet the complex HIPAA compliance laws that affected its business and the customers it serves.
Riva Health and Cyber Defense Group are extending their cybersecurity alliance, recognizing healthcare companies as prime targets for cyberattacks. Moreover, the challenge lies in navigating the ever-changing landscape of HIPAA regulations, requiring HIPAA-compliant entities to swiftly adapt and ensure compliance with stringent deadlines.
As our partner and client, Riva Health sees the value in working with the best when it comes to cybersecurity because it isn’t an obligation — it’s a tool for success.
“With Cyber Defense Group, there were a lot of early signals that they cared about us. There was trust-building throughout the partnership, and it felt like they were a part of our team. What happens with a lot of external partners is that it always feels like they are a third party and that can be detrimental to the relationship… Cyber Defense Group continues to prove that we made the right decision.”