Case Study
How Artemis Health Took on HITRUST by Leveraging Hyperproof to Truly Operationalize Compliance
Frameworks
HITRUST e1
//
HITRUST r2
//
SOC 2 Type II
Artemis Health by Nomi Health is a software company that empowers U.S. employers and their advisors and payers to optimize health benefits using data. Artemis’s mission is to reduce healthcare costs, and the platform provides rich benefits analytics to employers to help them make better, more informed benefits decisions. With Artemis, companies can spend less time deciding on the right healthcare decisions and more time acting on them.
Product Used: Compliance Operations Module, Risk Register Module
Quick Facts: Healthcare technology provider, Salt Lake City, Utah
100+ hours of audit prep time saved
30 hours a week saved by automating evidence collection
50% reduction in time spent on manual processes
The Challenge
Navigating regulatory scrutiny in the healthcare industry
Artemis Health handles sensitive patient data and must comply with HIPAA and SOC 2 Type II regulations. To enhance their compliance, Kathleen McNaughton and her five-person team adopted HITRUST e1, with the goal of becoming HITRUST r2 compliant. They spent hundreds of hours preparing for their SOC 2 audit and HITRUST r2 assessments and they needed to streamline their workflows.
Lack of clarity on control operations and gap to HITRUST r2
“Compliance was somewhat of a mystery to our team,” says McNaughton. “They knew we had controls and what they were, but they didn’t understand the full scope of our controls and how they all work together.” Artemis Health was managing their efforts in spreadsheets and Jira, which provided almost no insight into how they were progressing to achieve HITRUST r2. This cost them even more time and resources and was one of the key factors that led them to search for a solution.
Hindered in responding to company needs for HITRUST r2
Artemis Health had already achieved SOC 2 Type II compliance, and leadership asked them to understand what it would take to get to HITRUST e1. To give a clear answer, they needed to understand the overlap between the controls they already had for SOC 2 and what was required for HISTRUST e1.
Broken manual processes and reactive control management
Before implementing Hyperproof, Artemis Health used manual processes for compliance and audits. “A lot of my work was done in Jira,” says McNaughton. “It was hard to track control status, and we only created tickets when auditors requested evidence. I had to manually transfer evidence from Jira to the auditor’s system, which was very time-consuming.” This process became even more cumbersome for McNaughton as they pursued HITRUST r2 compliance, adding complexity and manual work.
Systems prevented clear reporting to leadership
Artemis Health needed better communication and reporting for compliance status and remediation efforts. Spreadsheets lacked detail and real-time insights. “Using Jira, we couldn’t provide status updates or report clearly to leadership,” says McNaughton. This limited visibility hindered decision-making and strategic planning, prompting Artemis Health to seek a new solution.
Why They Love Hyperproof
100+ hours of audit prep time saved
30 hours a week saved by automating evidence collection
50% reduction in time spent on manual processes
Hyperproof is a next-level risk and compliance operations platform. It’s saved us so much time.
Kathleen McNaughton
Security & Compliance Engineer // Artemis Health
The Solution
Centralized control management and visibility
By using Hyperproof as its control command center, Artemis Health’s teams can streamline workflows and foster a cohesive approach to compliance management across the organization. Since implementation, the team has seen a huge improvement in efficiency. They are even leveraging these learnings to train the compliance team at their parent company, Nomi Health.“Hyperproof helps our team understand how all of our controls are working together and how they’re responsible for controls,” says McNaughton. “They also understand exactly how the controls they’re responsible for impact other controls and pieces across the company. They all truly work together.”
By centralizing all controls within the platform and establishing links between them, Hyperproof enables our teams to visualize the interrelation of controls and understand their responsibilities better.
Kathleen McNaughton
Security & Compliance Engineer //
Artemis Health
Hyperproof has alleviated the burden of understanding our compliance posture so we can pursue HITRUST r2 in a much more efficient way.
Kathleen McNaughton
Security & Compliance Engineer //
Artemis Health
Crosswalking controls across frameworks to jumpstart HITRUST r2 compliance
Artemis Health chose Hyperproof for its Jumpstart feature, which identifies common controls across frameworks and automatically crosswalks them to reduce manual work. As they assessed the gap between SOC 2 and HITRUST r2, Hyperproof helped them avoid duplicating efforts by providing a clear view of control overlaps. This enabled Artemis to prioritize and streamline their efforts towards HITRUST r2 compliance efficiently.
Automated evidence collection with Hypersyncs
Hyperproof’s automated evidence collection is crucial for Artemis Health. Using the Hypersync feature, McNaughton and her team have reduced audit preparation time and effort. “I love not having to ask for evidence repeatedly. The process is now fully automated,” says McNaughton. Hypersync automatically collects and verifies relevant evidence, eliminating manual collection. “One of my favorite things about Hyperproof is linking everything together, making it easy for anyone to see associations,” adds McNaughton.
Hyperproof’s Hypersyncs make my life so much easier by streamlining evidence collection.
Kathleen McNaughton
Security & Compliance Engineer //
Artemis Health
Hyperproof gave me my time back. It’s amazing.
Kathleen McNaughton
Security & Compliance Engineer //
Artemis Health
Operationalizing the audit process and working alongside the auditor
Implementing Hyperproof streamlined Artemis Health’s compliance processes, reducing McNaughton’s audit preparation time and effort. “With Hyperproof, I consistently see our controls and their statuses,” says McNaughton. “During audits, I can invite auditors to our Hyperproof instance, avoiding manual evidence transfers. It saves so much time and effort.” Auditors have a dedicated space in Hyperproof, so Artemis Health only shares necessary access.
Enhanced compliance visibility
The Hyperproof platform provides complete visibility into Artemis Health’s compliance status, with real-time insights and reporting capabilities. “Hyperproof has a wonderful dashboard that tells you how many controls in your program exist, what you’re meeting, what’s in progress, and what’s at risk,” says McNaughton. “The best part is that it’s all framed in a way that’s easy for leadership to understand without additional explanation.” Hyperproof’s intuitive dashboard offers a comprehensive overview of Artemis Health’s control status, program status, control status, ongoing audit progress, a risk heat map, and much more. This visibility empowers Artemis Health to communicate effectively to senior leadership, fostering informed decision-making and strategic planning.
Hyperproof’s dashboards and modules have truly revolutionized the way we talk about GRC.
Kathleen McNaughton
Security & Compliance Engineer //
Artemis Health
My experience with Hyperproof’s Customer Success team has been amazing.
Kathleen McNaughton
Security & Compliance Engineer //
Artemis Health
Friendly, responsive, and helpful customer support
McNaughton has relied on Hyperproof’s Customer Success team to streamline compliance and request new features. “My experience with their team has been amazing,” says McNaughton. “From day one, they’ve answered questions within minutes.” Artemis Health chose Hyperproof to help shape the platform’s features. They have direct access to Hyperproof’s team via Slack, email, and regular syncs to provide input. “Hyperproof does their homework so you don’t have to,” McNaughton adds.
Ensuring future compliance success
Hyperproof streamlines compliance processes and enhances visibility, allowing Artemis Health to allocate resources effectively, reduce overheads, and mitigate risks. This builds customer trust and enhances their market reputation. Artemis Health plans to continue using Hyperproof to refine their compliance program, meet evolving healthcare regulations, and achieve certifications like HITRUST r2. By aligning compliance with business objectives and leveraging Hyperproof’s capabilities, Artemis Health is well-positioned for sustained success and growth.
Ready to take command of your compliance and risk operations?
To see the Hyperproof platform in action, schedule a demo with our team today.