Hint Health is a technology enabled Direct Primary Care (DPC) solutions company that partners with visionary provider organizations to build successful DPC programs. The HintOS™ platform is an enterprise-grade DPC management platform that powers the largest and fastest-growing DPC organizations in the country.
Hint Health was aware of the need to operate an effective data security and risk management program before it found out about Ostendio. They were already following various standards and regulations including HIPAA, ISO27001 and SOC. Hint had been using a competitive product but became dissatisfied with both its cost and the limitations the solution offered. A problem that became more acute as their business continued to grow. As they matured their security program they realized they needed a platform that would scale with their business and allow them to showcase their security program across multiple frameworks in real-time, all the time.
The Ostendio MyVCM platform met all their growing requirements and was all-inclusive, fitting within their budget. Hint became an Ostendio MyVCM Premium customer. “One of the biggest benefits for Hint is that the security frameworks were included in Ostendio MyVCM all for one cost. I have any framework I want!” said VuDang Tran, Head of IT Security, Hint Health.
As they work towards their goal of SOC 2 Type II, Hint is using the platform to build out its security tasks, to collect and manage evidence and to organize policies and procedures. Hint has benefited from the ticket management feature, asset management, assessment feature and internal audit feature, all of which are included within the platform. Hint is also using the security training offered through the Ostendio MyVCM platform, including the bundled KnowBe4 content.
“The internal audit feature is a huge plus because I can upload my own internal assessment and store it in Ostendio MyVCM,” said VuDang Tran.
“For anyone who is not experienced with compliance, the templates for Premium policies are a great source of documentation and saved me a lot of time in building my compliance program,” said VuDang Tran.
As Head of IT Security, VuDang has noticed the time he saves by using the Ostendio MyVCM platform to prepare for audits. He likes that he can send notifications and reminders and the automated system requests updates to policies rather than taking his time to request them individually.
“One of the biggest benefits for
Hint is that the security
frameworks were included in
Ostendio MyVCM all for one
cost. I have any framework I want!”
“I know using Ostendio MyVCM will make it more efficient for me when going through an audit. The automated tracking will help me keep track of all the paperwork the auditors request."
- VuDang Tran.
VuDang says that other certifications and regulations are in Hint’s future as they build on their data security program. After just completing a SOC 2 Type I they are moving ahead and preparing for SOC 2 Type II using the Ostendio MyVCM platform track and demonstrate evidence of historical compliance. One of the biggest benefits he sees is the ability to use MyVCM Auditor Connect and work directly on the platform with his chosen auditor, A-LIGN. Together, Hint and A-LIGN are able to share real-time evidence through their respective Ostendio MyVCM platforms on the MyVCM Trust Network. When authorized the Ostendio MyVCM Trust Network enables shared access to all necessary evidence and communications. Information is real-time, always available, easy to update and optimized for collaboration. During their audit process Hint will be able to track their auditors progress in real time and the increased collaboration and efficiency has been proven to result in significant savings for both auditors and customers over the life of the audit.
“I know using Ostendio MyVCM will make it more efficient for me when going through an audit. The automated tracking will help me keep track of all the paperwork the auditors request,” said VuDang Tran.
In the future VuDang says Hint plans to add a focus to the vendor management and risk management features of the Ostendio MyVCM platform to support their broader security program.