August 06, 2018

Compare HIPAA-Compliant Geocoding Providers

A quick rundown of options for HIPAA-Compliant Geocoding

Addresses, even if they are detached from patient names, are one of the 18 types of Personal Health Information (PHI) that are covered under HIPAA. According to the regulations:

All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census:

The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and,

The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.

Additionally, in order to process patient data, a company must sign a Business Associate Agreement (BAA) that lays out the ways the vendor is required to safeguard patient privacy.

Many geocoders will not sign these agreements and are not HIPAA compliant. This includes most of the major players like Google Maps Platform, Bing Maps, HERE and Mapquest. A full list of geocoders that are not HIPAA compliant is below.

This prevents a challenge for companies and organizations in the health industry, as there have historically been limited options on the market.

To make it easier for companies to select a HIPAA-compliant geocoder, this article compares them to the extent possible using publicly-available information. The HIPAA-compliant geocoders currently on the market are Geocodio+HIPAA, Maptitude, MelissaData, and Esri.

HIPAA-Compliant Geocoders

Geocodio+HIPAA

Geocodio+HIPAA is a mirror of the regular Geocodio product, re-engineered to meet the strict security and privacy requirements of HIPAA. Geocodio is unique in that there are no restrictions on storing, caching, or transforming the results once returned. (Most geocoders prohibit storing their data.)

Pricing: Geocodio+HIPAA has one plan, Unlimited.

  • Unlimited: Entitles the user to a dedicated instance of the Geocodio platform, capable of processing up to 4.8M lookups per day. $2,500/month without commitment, or $1,500/month with annual commitment.
  • Custom enterprise solutions such as on-premises are available.

Features

  • Formats: API and spreadsheet upload (cloud-based)
  • Data types available: HIPAA-compliant geocoding, reverse geocoding, Congressional districts and legislator contact information, state legislative districts, timezones, school districts, and Census data (blocks, FIPS codes, MSAs/CSAs)

Maptitude

According to Maptitude, their service is HIPAA-compliant since it runs offline on your own machine. It is essentially an offline version of Tableau.

Pricing: Starts at $695 per user per year; yearly updates are $395. Additional upgrades, such as upgrading to the cloud platform, are additional. See full pricing.

Formats: Software for download; cloud (not HIPAA compliant)

MelissaData

MelissaData is a data vendor that provides identity verification and contact data quality services. According to a 2017 press release, their services are HIPAA-compliant. They have two separate geocoding services: a forward geocoder and a reverse geocoder.

Pricing: MelissaData’s pricing is split by the quality of the data returned: rooftop (the exact parcel) and ZIP+4 (neighborhood). See full pricing details here.

  • Rooftop: Starts at $9/1,000, minimum order size $150
  • ZIP+4: Starts at $6/1,000, minimum order size $60

Features

Formats: Cloud-based, software for download, or FTP

Data types: Geocoding, reverse geocoding, Census tracts and blocks, FIPS codes, CBSA division levels, codes, and titles

Esri

Long the dominant player in the GIS world, Esri has two HIPAA-compliant options: ArcGIS on premises, and Spatialitics Health.

According to Esri’s head of health and human services practices, only ArcGis’ on-premises enterprise solution is HIPAA-compliant. Esri does not make the pricing for this transparently available, but according to the Esri community this starts at $30,000/year.

Spatialitics Health is a cloud-based solution powered by Esri. It is akin to Tableau but specifically for the health field. The product just launched in June and does not make their pricing information publicly available.

Not HIPAA Compliant