Establishing Application Security While Navigating HIPAA Compliance

Creating a Holistic Security Program From the Ground Up

Riva Health is a healthcare technology company founded in January 2020. Headed up by Dag Kittlaus, the cofounder of Siri (yes, that Siri), Riva Health is launching a new era of cardiovascular healthcare. Using an app designed with innovative sensor technology, individuals will be able to take clinically validated blood pressure readings in a matter of seconds, all from their smartphone. Riva is currently working towards FDA clearance of that technology.

The algorithms that power Riva Health were developed by cofounder Tuhin Sinha, whose father died of heart disease before the age of 60. This personal connection led Sinha to pursue a better way to manage and monitor heart health.

The Challenge

Riva Health's product is a cloud-based application designed to handle sensitive healthcare information, which presented two primary security challenges. First, because the app is cloud-based, it was critical to develop a secure environment to house its technology while meeting the requirements to limit potential risks found on iOS and Android. Second, collecting and storing protected health information (PHI) involves meeting specific Health Insurance Portability and Accountability Act of 1996 (HIPAA) guidelines and regulations. With hundreds of pages of policy to digest and understand properly, this large undertaking presents numerous pitfalls that could derail the platform's approval or lead to significant penalties in the future.

The Solution

From the beginning, Riva Health knew it couldn’t get its product to the market on its own without substantial delays — no matter how talented its internal team was. Understanding that cybersecurity is a holistic investment in its business, it didn’t want to cut any corners when it came to expertise and customer service.

Riva Health knew its needs were unique, and its status as a startup presented different challenges from those facing well-established companies. When it came to CDG, it finally found a cybersecurity partner that was both technologically proficient and flexible in providing a personalized customer experience every step of the way.

Through CDG’s white-glove approach, we were able to integrate seamlessly and become an extension of the Riva Health team. In doing so, we got to understand its exact needs, timelines, and goals. Due to this, CDG was able to put in place customized security solutions that fit the requirements for its application — creating a secure cloud-based environment to operate within. Alongside this, we helped Riva Health understand and meet the complex HIPAA compliance laws that affected its business and the customers it serves.

Riva Health and CDG continue their cybersecurity partnership, as healthcare-related companies are some of the organizations most targeted by cybercriminals. On top of this, HIPAA regulations change regularly, meaning HIPAA-compliant businesses need to be adaptable and compliance-ready with short turnaround times.

As our partner and client, Riva Health sees the value in working with the best when it comes to cybersecurity because it isn’t an obligation — it’s a tool for success.

“With CDG, there were a lot of early signals that they cared about us. There was trust-building throughout the partnership, and it felt like they were a part of our team. What happens with a lot of external partners is that it always feels like they are a third party and that can be detrimental to the relationship … CDG continues to prove that we made the right decision.”
