Case Study: Securing HITRUST Certification

About Jvion

Jvion helps healthcare systems prevent patient harm and associated costs by enabling clinical staff to focus attention, resources, and individualized interventions on patients whose outcomes can be improved.

Unlike traditional Artificial Intelligence (AI) and predictive analytic solutions that merely identify high-risk patients and cause alarm fatigue, Jvion pinpoints the impactable patients who are on a risk trajectory that can be changed and provides the patient-specific recommendations that will drive to a better outcome.

The Challenge

Jvion’s CORE™, a scalable prescriptive clinical-AI intelligence repository that aggregates structured and unstructured data, augments customer information with clinical, socioeconomic, and experiential data from 30 million individuals, and applies sophisticated algorithms to find correlations and inferences that matter, has been deployed across over 300 hospitals, payers, and pharmacy benefit managers. Jvion wanted to demonstrate to their customers that they were committed to keeping ePHI safe by demonstrating compliance with the most widely adopted security framework in the U.S. healthcare industry – HITRUST CSF.

The Approach

CompliancePoint was engaged by Jvion to assist with preparation for the HITRUST CSF Assessment process and to perform a validated assessment demonstrating Jvion’s compliance with the HITRUST CSF control requirements.

CompliancePoint started by working with Jvion to do a Readiness Assessment comparing Jvion’s policies, procedures, and implemented controls against the expected HITRUST requirements. The Readiness Assessment is designed to give the organization an accurate assessment of their information security controls as compared to the HITRUST CSF standards.

The Readiness Assessment provided Jvion with a report showing the compliance status for each of over 200 HITRUST controls, which allowed CompliancePoint and Jvion to identify controls that could be enhanced to further strengthen security and meet the HITRUST standards. CompliancePoint prepared a detailed corrective action plan to help Jvion address identified opportunities. Throughout the remediation process, CompliancePoint and Jvion held regular meetings to address questions and help ensure the remediation plan was on track. CompliancePoint provided Jvion with ongoing feedback on the HITRUST documentation requirements to ensure Jvion received the maximum credit for their strong control environment.

The Readiness Assessment also identified an opportunity to improve the documentation of the policies supporting the implementation of the required controls. CompliancePoint’s policy team used their extensive experience in drafting HITRUST compliant policies to assist Jvion with developing policy documents that meet the HITRUST standards. CompliancePoint then performed a validated assessment of Jvion’s environment, which included interviews with key personnel, sampling of control implementation, and evaluation of over 200 pieces of evidence supporting Jvion’s implementation of the required controls.

CompliancePoint assisted Jvion in identifying evidence that provided the best support for their implementation of the required controls. CompliancePoint worked with Jvion to help ensure the evidence provided gave a complete and accurate assessment of the robust control infrastructure surrounding the Jvion CORE product. Once both Jvion and CompliancePoint were satisfied the assessment presented an accurate portrait of Jvion’s security, the assessment was submitted to HITRUST.

CompliancePoint continued to work with HITRUST to assist in the assessment process, and HITRUST agreed that Jvion had met the requirements of the HITRUST CSF and was now HITRUST CSF Certified. HITRUST CSF Certified demonstrates that Jvion CORE has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Jvion in an elite group of organizations worldwide that have earned this certification.

 

“Not only did CompliancePoint make the initial certification significantly easier to navigate, but their common sense approach to setting up and maintaining security and compliance operations have saved Jvion significant time and money while providing peace of mind.”

Ryan Brantley
Director, Platform Engineering & TechOps


 

Results and Benefits

The Jvion CORE HITRUST CSF certification allows Jvion to demonstrate to both their existing and new clients their commitment to protecting ePHI. Since achieving HITRUST compliance, Jvion has partnered with Augusta University to launch an AI-powered COVID-19 “Back to Work” Assessment and is leveraging AI to help states and businesses re-open safely using its suite of COVID-19 resources.

 

The Path to Your HITRUST Certification


 

Identify

Gap Assessments

Our HITRUST experts evaluate your organization and provide you with detailed guidance on any areas requiring remediation before you begin the HITRUST assessment process.

 

Mitigate

Advisory Services

Our experts will work with you to implement the necessary policies and procedures to prepare you to successfully obtain your HITRUST certification..

 

Manage

Compliance Monitoring

We will demonstrate your commitment to information security by working with you to present a well-documented validated assessment to HITRUST.

Once you’re HITRUST Certified, our HITRUST Management Program ensures you’re prepared to maintain your certification for years to come.


 

Our HITRUST Scoping Guide can help you get started with your HITRUST journey.

HITRUST Scoping Guide

Let us help you identify any information security risks or compliance gaps that may be threatening your business or its valued data assets. Businesses in every industry face scrutiny for how they handle sensitive data including customer and prospect information.