Case Study 1: Digital Health Vendor

Client commitment drove a digital health vendor to raise the bar on their compliance program. HITRUST certification was a must for growth and to meet service goals, too. Luckily, they had Chris Apgar and Julia Huddleston of Apgar & Associates.

A former client CFO recommended Chris and Julia to assess the technology company’s compliance program. When the technology client said that they were going for HITRUST with follow-up plans to pursue SOC 2, Apgar & Associates came up with the roadmap for preparation.

First, they revisited the compliance program, conducting a policy gap analysis and security risk analysis. Those revealed the need to:

  • revamp the policy and procedure development process
  • implement stronger access control
  • tighten physical security safeguards
  • standardize change management processes
  • train workforce on updated policies, procedures and protocols

Currently, the digital health company is on the path to compliance and has achieved HITRUST certification. Julia,a Certified Information Privacy Manager as well as a Certified Information Privacy Professional, is guiding the team in SOC 2 preparedness. Much like HITRUST, requirements for SOC 2 are stringent, requiring annual reassessment to assure ongoing compliance.

Apgar & Associates enjoys an ongoing relationship with the health technology client, working with them on privacy and security action plans and objectives, such as fulfilling security risk assessment documentation from their healthcare clients.

For help with your compliance program or certification readiness, contact Apgar & Associates today.