Aptible is a one-stop powerhouse of health data-privacy compliance

With hospital chain Community Health Networks becoming a victim of major data theft yesterday, the problem of securing health data is serious.

Healthcare organizations really aren’t very good at setting up strong security against attacks, as the FBI has pointed out. This might also apply to the thousands of digital health companies that will be handling and storing health data in the future.

Aptible is a small three-person startup (one lawyer and two engineers) that helps digital health companies ready themselves to handle sensitive health data that’s entrusted to them by their health provider or health insurer clients.

The company provides an application deployment platform that helps digital health developers build privacy-compliant features into their apps and services. It provides web servers, app servers, databases, load balancers, network security, backups, encryption, and permissions. The developer then uses their choice of development tools to build the core app or service within a framework that ensures that privacy features are built-in and documented.

Digital health startups deal with a lot of anxiety around privacy. First of all, they can’t get a contract with a large medical group or hospital group if they don’t have an airtight plan for protecting health data. For the client, a legitimate concern is that a digital health vendor could compromise or mishandle the data, which could result in a lawsuit in which both parties would be named.

“Protecting the privacy of health care data is a complex undertaking, and it’s mandatory,” Aptible co-founder and chief executive Chas Ballew told VentureBeat. Ballew explained that within platforms or apps that manage health data, many different moving parts that can impact security and privacy. “We’re trying to reduce the number of moving parts for developers,” he said.

Aptible’s approach is to address the problem on multiple fronts. Apart from the technology platform, Aptible provides consulting services to clients to address specific issues. It’s also able to impart best practices that apply to all its clients. For instance, Aptible advises clients to have at least two people look at any piece of code before it goes live.

There’s also an insurance element. Aptible itself is covered by a professional liability policy, and it works with an insurer to indemnify its clients against damages from data breaches.

While digital health companies understand the importance of privacy, it’s not their core interest. They want to spend as much time as possible working on the core functions and their product’s defining features. “Every engineer has a limited amount of time to manage security,” Ballew said. “We help them by limiting the amount of things they have to be aware of.”

Aptible’s clients pay $3,500 per month with a year contract for consulting services and to use the technology platform. Aptible has been in business only for a few months and has already booked $300,000 of recurring revenue contracts, Ballew said.

The startup is currently helping digital health vendors build compliant products, but Ballew said his company is now talking to healthcare providers and insurers to help them secure health data.

Aptible is part of accelerator Y Combinator’s current class, which is graduating today after the Demo Day event in Mountain View. Another accelerator, Rock Health, just announced that it had added Aptible to its portfolio of digital health startups.