Case Study

How Ostendio Helped Kinetik
Reduce HITRUST Timeline by 50%

Kinetik Logo

 

Challenges

  • In search of a HITRUST consultant who could accelerate HITRUST prep to certification within 6-12 months

  • Young organization faced with a complex, rigorous security framework

  • Needed to expand market reach in a niche industry while demonstrating stringent security requirements were met

Solution

  • Partnered with an experienced team of HITRUST consultants who tailored policies and procedures to Kinetik’s unique business structure

  • Always-on security and risk management software that made auditor collaboration easy

  • Concrete HITRUST plan built from start to finish to ensure all possible roadblocks were addressed and nothing was missed

Results

  • Received HITRUST certification within 12 months from start to finish, half of the time it typically takes to complete

  • Achieved a passing HITRUST score on the initial assessment

  • Was able to expand market reach quickly

Solution provided by Ostendio, the only data security platform provider licensed by HITRUST.

HITRUST - Authorized Readiness Licensee

The Challenge

In search of an experienced HITRUST consultancy firm and auditor that could tailor to a niche market and keep up with a fast-paced timeline without leaving anything to chance

Kinetik, a software company focused on delivering digital non-emergency healthcare transportation across the U.S., was in the process of expanding its market reach by partnering with more national insurance companies. This expansion would allow the company’s partners to offer more medical transportation options to patients.

In order to expand their reach, Kinetik needed to demonstrate that its digital infrastructure met stringent data security requirements. That’s why they turned to HITRUST.

“Getting HITRUST certified was a strategic decision to expand our market reach, and we needed it as a steppingstone to do that,” said Aaron Oboh, Chief Information Officer at Kinetik.

The HITRUST reputation is built on a rigorous process that requires organizations to adhere to many security and privacy best practices. This process is a laborious task for most organizations, especially those in the startup space.

Aaron said he originally had a goal of getting Kinetik certified within 6 months, an aggressive timeline from the standard HITRUST 24-month schedule. That doesn’t mean Kinetik was looking for quick fixes or ways to automate tasks.

Kinetik was not only seeking a solutions partner that could accelerate this project schedule, but also seeking a partner experienced in HITRUST that would get the job done right.

The Solution

Partnered with a HITRUST-authorized integrated risk management platform provider, who shared a collective goal to get Kinetik to a HITRUST certification

Kinetik evaluated several HITRUST solution providers before landing at Ostendio.

Aaron said “there were a lot of starts and stops with different companies” during their search for a consultant. What made Ostendio stand out was not only its nuanced advice and HITRUST policy and procedure writing, but also the maturity of its risk management platform.

“I was looking for something that had a certain level of maturity and more importantly [a company] that could provide the required support to keep Kinetik moving at 500 miles an hour,” Aaron said.

From start to finish, Ostendio and Kinetik worked together on scoping, selecting an auditor, conducting a gap analysis, policy and procedure writing, and finally, evidence collection and testing.

“Ostendio was bringing the experience of managing the project and writing up policies and procedures for HITRUST,” Aaron said, adding that Ostendio completed these policies in an impressive 90-day timeline.

Aaron also credits Kinetik’s use of Ostendio’s platform for streamlining the documentation and acknowledgement of these policies and procedures. Kinetik was also able to easily collaborate with the auditor on HITRUST procedures directly within the Ostendio platform, eliminating the need to upload evidence to portals or via email.

When Kinetik’s HITRUST project hit a roadblock and we were required to change auditing firms, Ostendio enabled Kinetik to easily pivot and select another auditor, A-LIGN, from Ostendio’s Trust Network of audit partners.

“To have any measure of success, you need to have a concrete plan,” Aaron said. He said that Ostendio’s planning, project management and ability to set clear expectations helped Kinetik overcome any potential challenges. “Ostendio stayed on top of the timeline and managed expectations as we went along,” he said. “They also assumed responsibility for managing to A-LIGN’s project timeline.”

12

Months to Achieve HITRUST Certification

50%

Time Savings on Average HITRUST Timelime

The Result

Kinetik Saved 50% Of Time On HITRUST Certification Within Their Aggressive 12-month Timeline

Kinetik achieved HITRUST certification within 12 months - half the time of the industry average of the standard 20-24 months HITRUST pre-readiness certification.

Not only did the accelerated timeline not compromise security or the integrity of the audit, they also received a passing score from A-LIGN, who was impressed with their HITRUST readiness and evidence collection.

“[HITRUST] is such a very deep and complex subject matter,” Aaron said. “You can’t wing it. You either know it, or you don’t know it. I was looking for a [solutions provider] that would sit down at the table with me and discuss those challenges and where we are in our maturity level.”

As opposed to standard, “check-the-box” GRC providers, Aaron said that working with Ostendio had “the feeling of a partnership,” explaining that the Ostendio team brought a perfect blend of expertise and integrity to the table.

Kinetik continues to leverage Ostendio’s platform to manage their documentation, acknowledgement, critical assets, and training. Aaron says the built-in scalability of the platform, including crosswalk capabilities across multiple frameworks and ease of onboarding, has helped Kinetik as they grow their team and service offerings.

“[HITRUST] is such a very deep and complex subject matter. You can’t wing it. You either know it, or you don’t know it. I was looking for a [solutions provider] that would sit down at the table with me and discuss those challenges and where we are in our maturity level.”

Aaron Oboh
Aaron Oboh, Chief Information Officer, Kinetik

About Kinetik

At Kinetik, we are reimagining the way Non-Emergency Medical Transportation (NEMT) works. We have partnered with Health Plans, Brokers, and Transportation Providers nationwide to develop the largest digitally integrated healthcare transportation network in the country.

Get HITRUST-Ready

Ostendio is the only risk management platform provider licensed by HITRUST, to help you strengthen your business operations and everyone you rely on with continuous security.

HITRUST - Authorized Readiness Licensee