emocha Health Case Study

About the company:

emocha empowers patients to take every dose of medication through video technology and scalable human engagement. Patients use a smartphone application to report side effects, communicate with providers, and video record themselves taking medication at every dose. Providers or emocha's clinical adherence team assess medication adherence and engage with patients at every dose.

Finding the right tool for growing security requirements

As a fast-growing company, emocha needed to build a data security program that would keep up with its business as it expanded. Dealing with patient data meant that a robust information security program was crucial to their success. Customers were requesting security information and sending security questionnaires to be filled in. To meet their requirements the emocha team selected the Ostendio MyVCM platform for an always-on security program.

“Ostendio offered everything we needed at a price point that worked for our growing business,” said Michael Cohen, Chief Architect for emocha. Initially a MyVCM Select customer, emocha has since stepped up their security program and become a MyVCM Premium customer. This allows them to take advantage of additional features designed to help with their SOC 2 preparation and audit.

Ramon Castro, CTO at emocha added, “Ostendio has been a key part in helping to mature our processes as part of our growth strategy.” emocha has also engaged the Ostendio Professional Services team to help them prepare for a SOC 2 Type II audit.

Efficiency brought to the security process

Before using Ostendio, emocha was like many other companies using spreadsheets and email to handle document management and training. By upgrading to an integrated risk management tool, emocha has seen the benefits that can bring. Cohen added, “There were a lot of manual processes that were occurring, and using Ostendio MyVCM has freed up some time that otherwise would be  used for something more mundane.” Without Ostendio MyVCM, Cohen says emocha would be using multiple platforms to complete the same work.

Ramon Castro emocha

“Ostendio has been a key part in
helping to mature our processes
as part of our growth strategy.”

— Ramon Castro, CTO

Student Loan Co.

  • No. of employees: 50-100
  • Year established: 2014
  • Industry: Healthcare technology
  • Frameworks: HIPAA, SOC 2
  • Ostendio customer since: 2020
  • Location: Baltimore, MD
  • Website:

“We chose Ostendio for our

SOC 2 preparation because the MyVCM platform makes it easy to organize documentation and evidence, plus
we can work with an auditor directly in the platform," said Castro.

A feature-rich solution supporting multiple data security requirements

emocha knew they had many requirements and they were looking for a feature-rich solution to meet their needs. At first, they were focused on a platform that could just handle change management in their production environment and the Document Management module of Ostendio MyVCM met their needs seamlessly.

But they quickly realized they needed help in many other areas also, such as security training, particularly with regards to HIPAA. By using the Ostendio MyVCM platform they found it easy to implement training courses across the company. Training can be run for all employees and includes tracking so they know who has taken and passed the training, and when updates to training are required.

Inventory management was also a challenge that the emocha team faced before they found the Ostendio MyVCM platform. Once implemented, they were able to use the Ostendio MyVCM Asset Management module to allocate assets to each employee and keep track of ownership.

And as a growing business, emocha also needed to respond to multiple customer security audits and planned to complete their own SOC2. Since the Ostendio MyVCM Assessment module supports over 100 security standards and regulations, upgrading to MyVCM Premium was a logical next step for this health tech company.

Castro added, “[Ostendio MyVCM] helps keep us very organized and adherent to controls and processes that we need to
consider as we deal with PHI, PII and to operate in line with HIPAA regulations.”

Finding one solution to meet all their needs has made the process of data security more efficient for emocha.


Using Ostendio Professional Services to support a SOC 2

Castro is focused on growing emocha’s business and its platform strategy for the future. For an early-stage company such as emocha, there was an overhead to running security processes internally, and continually updating them manually was time-consuming. Where larger companies might have employees solely focused on internal audits, start-up companies often require their IT team to carry the main responsibility of handling data security. Castro knew emocha needed a more efficient way of handling their data security program that would grow with their business and that’s why they selected the always-on Ostendio MyVCM platform to help.

Castro added, “When doing business with large enterprises they want to see documentation and policies. It becomes a big ask over time and each company has a unique set of questions.” By using the Ostendio MyVCM platform, emocha is simplifying that process and making it easier to quickly respond to customer requests for security documentation.

emocha sees the benefits of a SOC audit in their future as they mature their data security program. By working with the Ostendio Professional Services team they have the additional expertise on hand to start the preparation for this intensive audit process. "We chose Ostendio for our SOC 2 preparation because the MyVCM platform makes it easy to organize documentation and evidence, plus we can work with an auditor directly in the platform," said Castro.

emocha is using MyVCM Auditor Connect to select an experienced auditor who also uses the platform. This will make the audit process more efficient with significant time and cost savings. MyVCM Auditor Connect is the first online marketplace for companies to connect and engage with qualified security audit firms. Evidence is always available, easy to update, and optimized for collaboration. Customers being audited can track progress in real-time.

By using the always-on Ostendio MyVCM platform, emocha is maturing its security program, and growing its business with a built-in culture of security.