“[Being on the platform] definitely reduces friction in closing deals,” Mish said. “We can very readily point to the system processes and architecture that is in place, provide evidence of our process, and otherwise speak with great confidence in managing a future customer’s PHI.”
SilverStay is taking all the right steps to ensure that they are handling PHI correctly and are able to demonstrate their security posture at any point. Ultimately, having HIPAA policies in place within the Ostendio platform enables Mish and his team to “sleep better at night.”
And the benefits for SilverStay are two-fold.
While establishing these policies helps close deals, it also ensures that SilverStay’s reputation. The SilverStay team knows they’re taking the right steps every day to protect their customers’ PHI.
“Ultimately, SOC 2 is where we’d like to go,” Mish said. Adding another framework to the mix will only further demonstrate how seriously they take security.
With Ostendio’s crosswalk functionality, SilverStay will be able to cross-reference what evidence they still need for SOC 2 now that they’ve taken on HIPAA, and quickly prepare for a SOC 2 audit when that time comes.
“The processes, the procedures, the tools–everything is there,” he said, adding that there is no barrier to getting started now that they have the foundation from HIPAA.
Mish advises organizations in healthcare looking to build up their security program to explore solutions backed by experts.
Attestation badges and icons on your website are great, he said, but “they don’t really protect data unless you’re running the processes.” With Ostendio, Mish says SilverStay is continuously demonstrating security.
“I feel very fortunate that we landed on [Ostendio],” Mish said. “It’s been a terrific collaboration. I think Ostendio does a great job of threading the needle–being affordable, being mindful of the budget, and providing the expert tools and resources to get it done.”