
Aptible Files IPO Prospectus: HIPAA-Compliant Cloud Platform for Healthcare Startups

Jun 23, 2015 08:02 CST Updated 08:02

In today’s rapidly advancing digital healthcare landscape, data security has become a major concern. HIPAA refers to the U.S. Health Insurance Portability and Accountability Act of 1996. The primary objectives of this legislation are to ensure continuous health insurance coverage for individuals, safeguard the confidentiality and security of medical information, and help the healthcare industry control administrative costs.

In the United States, healthcare companies must comply with HIPAA standards when storing customer identity and health information, which requires signing Business Associate Agreements (BAAs). Their clients include hospitals, insurance companies, and large enterprises. Achieving HIPAA compliance demands additional human and material resources, such as querying internal corporate databases and submitting various documents and explanatory materials, making the process quite cumbersome.

Driven by substantial market demand, Chas Ballew and Frank Macreery founded Aptible in San Francisco in 2013, dedicating the company to helping healthcare organizations achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA). Within just a few months of its product launch, the company secured $300,000 in orders.

Aptible enables clients to build scalable, compliant private cloud platforms. This is crucial for mobile health companies, as they cannot establish partnerships with healthcare institutions or physicians if their products fail to guarantee data privacy protection. Furthermore, Aptible has entered into agreements with professional insurance providers, ensuring that losses resulting from data breaches can be compensated through legal channels.

Aptible's Core Technologies
Process:
1. Upload the code to Git (an open-source distributed version control system);
2. Select languages, frameworks, and databases;
3. Manage data resources using an intuitive web dashboard or command-line instructions;
4. Monitor status in real time and generate audit reports.
This Git-based workflow enables Aptible to integrate seamlessly with Travis CI, CircleCI, or other continuous integration tools.


Network:
Each customized Aptible account’s resources are deployed within a dedicated, isolated network, with strict access controls and permission reviews required for any application access or data retrieval.
The database is further isolated within a private subnet, addressable only within that network, and accessible exclusively through the account’s own application or verified channels.

Path:
Each Aptible account can receive its own configured load balancer, ensuring that the customer’s own traffic always takes priority.

Container:
Aptible uses Docker containers to serve each customer's stack, with each container being a lightweight virtual machine that can be used to run instances of applications or databases.
If the code is coming from Heroku, users add up the number of Heroku dynos and databases to estimate the total number of containers required. For example, if two web processes, two worker processes, and one PostgreSQL database are used, the user will need 5 containers.


Aptible Product Line
Aptible has two core products: the Deployment Platform and the Compliance Engine. The Deployment Platform helps business operations engineers at client companies run modern web architectures in secure, privacy-focused, PHI-compliant cloud environments; the Compliance Engine provides comprehensive risk, security, and HIPAA compliance management services.

(Figure: Deployment Platform and Compliance Engine)
Aptible focuses on deploying corresponding web and mobile application platforms with an emphasis on privacy and security. It creates a private, secure environment for client companies' code, enabling customers to run programming languages, frameworks, and databases within this environment.
Aptible primarily develops back-end infrastructure required for the secure hosting and delivery of applications, including products such as web services, application services, databases, load balancers, network security, data backup and encryption, and access control. Leveraging these products, customers can develop customized tools, design app cores, or engineer other services within a HIPAA-compliant framework.

The company’s compliance engine enables customers to implement a comprehensive HIPAA compliance program at a fraction of the traditional cost. This allows engineers to focus on coding without the burden of infrastructure documentation and management.

Pathways to Achieving HIPAA Compliance
Aptible isolates and mitigates security risks while running applications and databases. As Aptible executes customer-deployed workflows, its compliance verification engine streamlines every aspect of HIPAA privacy, security, and non-compliance processes.

Methods
1. Continuous Auditing: Establish government audit agreements and customize protocols for mobile health companies, enabling the company’s compliance API to continuously assess the status of user systems, thereby ensuring that clients’ compliance certifications never expire.
2. Concise Tool: The compliance engine is simple and straightforward, making it easy to understand the HIPAA regulations.
3. Automated Documentation: Built-in audit and logging tools minimize manual operations at every step, thereby making efficient use of valuable time.

Advantages:
1. Short Turnaround Time: Security reviews for key accounts take only a few days.
2. Automated Compliance Evidence: Using Aptible can reduce manual compliance burden by 90%.
3. Reduced and Isolated Security Vulnerabilities: Aptible runs the infrastructure, enabling customers to focus on application-layer issues.
4. Risk Capture: Effectively report risk assessments to superiors, the board of directors, and business partners.
5. Integrated Security Plan: Easily integrate third-party security solutions for operations and documentation.
6. Seamless Integration: Simple integration requiring only the addition of a single file to the codebase. No dedicated API, no migration fees, and no development-to-production gap.
7. No Lock-in: Designed for Your Workflow: If engineers are familiar with Heroku, they can use Aptible: simply push code to a remote Git repository, then configure and manage resources via the command line or web dashboard.
8. One-stop HIPAA compliance: Compliance tools integrate directly into the operations of running applications or databases, saving time and money.

Founders

Chas Ballew, Co-founder & CEO
Chas is an attorney specializing in government regulation. Prior to founding Aptible, he served as Counsel to the Office of the Army General Counsel in Washington, D.C. He holds degrees from Princeton University and the University of Michigan Law School.
Frank Macreery, Co-founder & CTO
Frank is an experienced software developer and architect who worked at Give Real, XGraph (acquired by Clearspring), and Artsy before founding Aptible. He graduated from Princeton University with a degree in Computer Science.

Financing and Profitability
In July 2014, Aptible secured $120,000 in seed funding from Y Combinator, followed by an undisclosed additional seed investment from Fresh VC and Rock Health in August.

Aptible adopts a phased pricing model. During the early R&D stage, it operates on a pay-as-you-go basis with variable pricing. In the platform stage, which includes costs such as setting up Protected Health Information (PHI) interfaces, the fee is $499 per month. In the later product stage, pricing is customized based on client needs. Aptible’s annual contract costs $3,499 per month. While this price may seem steep at first glance, the actual cost of achieving HIPAA compliance is far higher. Typically, HIPAA compliance incurs consulting costs ranging from $500,000 to $1 million for a company, along with up to 200 hours of labor, and requires annual updates. In contrast, Aptible enables a company to approach HIPAA compliance in just an afternoon. Another company that joined Rock Health around the same time, Accountable, also focuses on HIPAA-compliant solutions; please refer to Accountable Case.

(Editor: Zhang Nan)
