Kinetik evaluated several HITRUST solution providers before landing at Ostendio.
Aaron said “there were a lot of starts and stops with different companies” during their search for a consultant. What made Ostendio stand out was not only its nuanced advice and HITRUST policy and procedure writing, but also the maturity of its risk management platform.
“I was looking for something that had a certain level of maturity and more importantly [a company] that could provide the required support to keep Kinetik moving at 500 miles an hour,” Aaron said.
From start to finish, Ostendio and Kinetik worked together on scoping, selecting an auditor, conducting a gap analysis, policy and procedure writing, and finally, evidence collection and testing.
“Ostendio was bringing the experience of managing the project and writing up policies and procedures for HITRUST,” Aaron said, adding that Ostendio completed these policies in an impressive 90-day timeline.
Aaron also credits Kinetik’s use of Ostendio’s platform for streamlining the documentation and acknowledgement of these policies and procedures. Kinetik was also able to easily collaborate with the auditor on HITRUST procedures directly within the Ostendio platform, eliminating the need to upload evidence to portals or via email.
When Kinetik’s HITRUST project hit a roadblock and we were required to change auditing firms, Ostendio enabled Kinetik to easily pivot and select another auditor, A-LIGN, from Ostendio’s Trust Network of audit partners.
“To have any measure of success, you need to have a concrete plan,” Aaron said. He said that Ostendio’s planning, project management and ability to set clear expectations helped Kinetik overcome any potential challenges. “Ostendio stayed on top of the timeline and managed expectations as we went along,” he said. “They also assumed responsibility for managing to A-LIGN’s project timeline.”