How Neurosynaptic embraced compliance automation to swiftly complete HIPAA and ISO27001 audits
India-based Neurosynaptic develops telemedicine solutions enabling real-time doctor-patient consultations. Applied, they make quality care available to all, especially communities with limited to no access to quality health care. Neurosynaptic partners with healthcare companies, hospitals, and governments worldwide on various healthcare programs.
-
HIPAA
-
ISO 27001
-
India
-
5 sessions
Time to implement both ISO27001 and HIPAA standards
-
2 weeks
Time to complete ISO27001 and HIPAA audits and receive certifications
Ready to get
started?
Challenge
Precision-focused telemedicine products built by Neurosynaptic help doctors and medical workers collect and store detailed patient health information (PHI) for accurate diagnosis and effective treatment. Given this nature, demonstrating high standards of data security and privacy are essential to attracting interest and driving large-scale product adoption.
While Neurosynaptic builds products and platforms with security-first principles, proving alignment with standards like HIPAA and ISO27001 β both universally regarded and recognized β would allow them to engage partners, healthcare providers, and civil institutions confidently.
Having undergone CE certification and ISO13458 certification audits in the past, both of which demanded high degrees of involvement and manual effort, Neurosynaptic preferred to rely on technology to monitor compliance with HIPAA and ISO27001 standards across digital touchpoints.
βTechnology streamlines and ensures everything is in place,β says Rajeev Kumar, cofounder at Neurosynaptic. βWeβve had many audits; theyβre not technology-based. So, I know how arduous they can be. Technology simplifies the process.β
Neurosynaptic selected Sprinto after thoroughly evaluating various compliance automation solutions.
Platform capabilities aside, Sprintoβs guided approach and exceptional support made sense for our small team lacking security compliance expertise.
Solution
As the first step, Neurosynaptic collaborated with Sprinto compliance experts to define their audit scope for HIPAA and ISO27001. This included identifying all objects and safeguards, such as personnel, systems, code, and products, that access or impact patient health information, particularly its security and privacy.
Given there is substantial overlap in the controls required to demonstrate HIPAA and ISO27001 compliance, Neurosynaptic chose to implement both standards simultaneously. By mapping common controls and monitoring compliance against both centrally on Sprinto, Neurosynaptic could collect audit evidence for HIPAA and ISO27001 in one go. βThis was an efficient way of tackling compliances,β remembers Rajeev.
After integrating Sprinto with their AWS, Github, Jira, GSuite, and other cloud applications, Neurosynaptic deployed Sprintoβs pre-built automated workflows and configured alters to monitor their environment for HIPAA and ISO27001 compliance. βSprinto ensures compliance tasks are assigned to the right person and completed in time,β notes Rajeev. βWhile few things need to be done manually β like making changes to Git configurations or setting up MFA on user accounts β it was the system that prompted what needed to be done and by whom. In that way, Sprinto holds you accountable for your compliance part,β he adds.
Neurosynaptic completed HIPAA and ISO27001 implementation in 5 expert-guided sessions and launched into compliance monitoring for audits. Fixing instances of non-compliance and addressing vulnerabilities highlighted in the VAPT assessment were key tasks after that. Rajeev notes,
Whenever we got stuck, we used Sprintoβs help articles. Our account manager helped resolve the rest over calls and emails. The support offered was exceptional.
Results
Post implementation, Neurosynaptic completed both HIPAA and ISO27001 audits simultaneously in less than 2 weeks.
Using the audit dashboard on Sprinto, Neurosynaptic could share audit evidence against both standards β many of which were common β easily and efficiently. βIt was an overarching audit and did not involve back and forth,β recounts Rajeev, βThe whole thing was incredibly straightforward and smooth.β
By mapping and monitoring controls common to both, Neurosynaptic reduced a lot of compliance fatigue. Automated evidence collection against both standards ensured there was no audit fatigue as well. βI donβt remember doing any additional work. We handled both standards seamlessly,β notes Rajeev.
Neurosynapticβs HIPAA and ISO27001 certifications are helping them close pending projects and also secure new business, especially from government entities requiring strict compliance.
Today, Sprintoβs streamlined compliance workflows ensure Neurosynaptic is operating in a compliant-by-default manner. Rajeev remarks, βwe have clear protocols and mechanisms around activities like employee onboarding, off-boarding, and access management. These used to be dealt with ad-hoc and haphazardly. Not anymore.β
Sprinto adds a lot of incremental value to your operations. It allows you to cover more base and helps improve operational workflows.
