How Neurosynaptic embraced compliance automation to swiftly complete HIPAA and ISO27001 audits

India-based Neurosynaptic develops telemedicine solutions enabling real-time doctor-patient consultations. In practice, these solutions make quality care available to all, especially communities with limited or no access to quality health care. Neurosynaptic partners with healthcare companies, hospitals, and governments worldwide on various healthcare programs.

Standards: HIPAA, ISO 27001

Location: India

5 sessions: time to implement both ISO27001 and HIPAA standards

2 weeks: time to complete ISO27001 and HIPAA audits and receive certifications

Challenge

Precision-focused telemedicine products built by Neurosynaptic help doctors and medical workers collect and store detailed patient health information (PHI) for accurate diagnosis and effective treatment. Given the sensitivity of this data, demonstrating high standards of data security and privacy is essential to attracting interest and driving large-scale product adoption.

While Neurosynaptic builds products and platforms with security-first principles, proving alignment with standards like HIPAA and ISO27001 – both universally regarded and recognized – would allow them to engage partners, healthcare providers, and civil institutions confidently.

Having undergone CE certification and ISO13458 certification audits in the past, both of which demanded high degrees of involvement and manual effort, Neurosynaptic preferred to rely on technology to monitor compliance with HIPAA and ISO27001 standards across digital touchpoints.

“Technology streamlines and ensures everything is in place,” says Rajeev Kumar, cofounder at Neurosynaptic. “We’ve had many audits; they’re not technology-based. So, I know how arduous they can be. Technology simplifies the process.”

Neurosynaptic selected Sprinto after thoroughly evaluating various compliance automation solutions.

Platform capabilities aside, Sprinto’s guided approach and exceptional support made sense for our small team lacking security compliance expertise.

Solution

As the first step, Neurosynaptic collaborated with Sprinto compliance experts to define their audit scope for HIPAA and ISO27001. This included identifying all objects and safeguards, such as personnel, systems, code, and products, that access or impact patient health information, particularly its security and privacy.

Given there is substantial overlap in the controls required to demonstrate HIPAA and ISO27001 compliance, Neurosynaptic chose to implement both standards simultaneously. By mapping common controls and monitoring compliance against both centrally on Sprinto, Neurosynaptic could collect audit evidence for HIPAA and ISO27001 in one go. “This was an efficient way of tackling compliances,” remembers Rajeev.

After integrating Sprinto with their AWS, GitHub, Jira, GSuite, and other cloud applications, Neurosynaptic deployed Sprinto’s pre-built automated workflows and configured alerts to monitor their environment for HIPAA and ISO27001 compliance. “Sprinto ensures compliance tasks are assigned to the right person and completed in time,” notes Rajeev. “While a few things need to be done manually – like making changes to Git configurations or setting up MFA on user accounts – it was the system that prompted what needed to be done and by whom. In that way, Sprinto holds you accountable for your compliance part,” he adds.

Neurosynaptic completed HIPAA and ISO27001 implementation in 5 expert-guided sessions and launched into compliance monitoring for audits. Fixing instances of non-compliance and addressing vulnerabilities highlighted in the VAPT assessment were key tasks after that. Rajeev notes,

Whenever we got stuck, we used Sprinto’s help articles. Our account manager helped resolve the rest over calls and emails. The support offered was exceptional.

Results

Post implementation, Neurosynaptic completed both HIPAA and ISO27001 audits simultaneously in less than 2 weeks.

Using the audit dashboard on Sprinto, Neurosynaptic could share audit evidence against both standards – much of which was common to both – easily and efficiently. “It was an overarching audit and did not involve back and forth,” recounts Rajeev. “The whole thing was incredibly straightforward and smooth.”

By mapping and monitoring the controls common to both standards, Neurosynaptic greatly reduced compliance fatigue. Automated evidence collection against both standards ensured there was no audit fatigue either. “I don’t remember doing any additional work. We handled both standards seamlessly,” notes Rajeev.

Neurosynaptic’s HIPAA and ISO27001 certifications are helping them close pending projects and also secure new business, especially from government entities requiring strict compliance.

Today, Sprinto’s streamlined compliance workflows ensure Neurosynaptic operates in a compliant-by-default manner. Rajeev remarks, “We have clear protocols and mechanisms around activities like employee onboarding, off-boarding, and access management. These used to be dealt with ad hoc and haphazardly. Not anymore.”

Sprinto adds a lot of incremental value to your operations. It allows you to cover more bases and helps improve operational workflows.