By: Jonah Comstock | Mar 18, 2014
Less than a year after COO and chief information security officer Grant Elliott left Voxiva to found his own company, Washington, DC-based Ostendio, it has launched its first product, MyVirtualComplianceManager (myVCM), in open beta. The product is a software-as-a-service offering currently aimed at helping health IT companies better achieve and prove HIPAA compliance. Elliott said it came directly out of his experience at Voxiva.
“[At Voxiva] I learned a huge amount about [HIPAA] itself, working with lawyers, specialists, and peers throughout the industry to develop that knowledge,” Elliott told MobiHealthNews. “What became clear to me during that process as I continued to evolve Voxiva’s information security system is we were not only developing a compliance managing program above and beyond most of the organizations in the space (and we got that feedback from many many customers of ours) but it seemed to be there weren’t very many tools in the marketplace that could help people like ourselves, and there were lots for larger enterprise companies.”
MyVCM is aimed at small to medium businesses that might not have as many resources to devote to HIPAA compliance as larger enterprises. It’s priced competitively to appeal to those smaller businesses — it starts at $20 a month.
The recent HIPAA omnibus rule made it clear that business associates of hospitals — including the IT vendors Ostendio markets to — will share liability for mismanaged data and be subject to HIPAA audits. Because of the possibility of audits, companies need to not only manage patient health information in a HIPAA-compliant way, but also need to have a “paper trail” that proves they’ve done so.
As such, MyVCM helps organizations manage training, update policy documents, and complete risk assessments. It also keeps records documenting that all those steps have been taken. Elliott says the software will help companies in the event of a HIPAA audit, but it also allows them to confidently and quickly assert their HIPAA compliance to a potential partner.
To read the full article click here.
This article first appeared in Mobihealthnews.com on March 18, 2014.