Achieving and sustaining HIPAA compliance: Superbio’s success with Sprinto
Superbio.ai, a Palo Alto-based startup, is democratizing AI in life sciences. It offers a comprehensive and accessible enterprise-grade app ecosystem featuring cutting-edge AI models and tools specifically designed for medical institutions and research centers. Its AI-enabled platform empowers medical researchers, scientists, and clinicians everywhere to accelerate scientific breakthroughs and improve care outcomes.
Key requirements:
- A comprehensive platform for organizing a robust HIPAA compliance program.
- Expert advisory and support throughout the implementation journey.
Sprinto solution:
- Structured HIPAA program implementation with a tiered organization of key tasks, automated control testing, and continuous control validation to ensure ongoing HIPAA compliance.
HIPAA
USA
Key win:
Continuous compliance ensured through ongoing monitoring of HIPAA controls.
Challenge: Navigating the complexities of HIPAA
Because their AI platform processes a vast volume of protected health information (PHI), including personal health records (PHR), Superbio needed to ensure secure data handling in compliance with HIPAA security and privacy rules. “The stakes are high because HIPAA violations have serious consequences,” shares Berke Buyukkucak, Co-founder and CEO of Superbio. “Handling sensitive data carries the risk of unintended harm. Personally and professionally, compliance is crucial to safeguarding both our reputation and our customers’ interests.”
Due to a lack of in-house expertise and limited knowledge of HIPAA, Superbio sought an expert partner to navigate its complexities. They initially turned to Drata, a security compliance software, but found its support lacking, and support was the factor they valued most in a compliance partner. “We had to halt our journey midway. Drata’s limited support made it difficult to navigate the platform and various compliance tasks,” Berke shares.
Considering a security consultant proved costly, with quotes as high as $250,000, which was impractical for their company’s scale. “We had to turn to a software solution,” Berke emphasized.
In Sprinto, Berke found a dependable compliance partner. “Expert guidance and support were crucial. We also needed startup-friendly pricing to approach the process reasonably, both of which Sprinto provided perfectly.”
Sprinto looked and worked like Drata but with the assurance of support. From sales to kickoff to checklist completion and platform interaction, Sprinto’s professionalism and efficiency stood out. While other platforms like Drata and Vanta may be larger, I didn’t notice any difference in capability or user experience.
Solution: Structured program and automated management
Superbio restarted its compliance journey with a Sprinto expert-led security audit, risk assessment, and gap analysis to identify HIPAA deficiencies and key tasks.
To work efficiently, every action was first right-sized. With potential time drains identified up front, Superbio worked with their Sprinto CSM to structure compliance tasks for timely and seamless completion. “Tasks like data encryption in transit are complex,” shared Berke. “Without a CTO, we had to figure these out ourselves, but we were committed to doing it right.”
Right at the start, we identified time-consuming tasks like staff training and policy writing because we wanted to do this at our own pace. Sprinto helped us structure this as needed.
In compliance with HIPAA’s security rule, Superbio implemented essential technical and tactical safeguards for PHI, aided by Sprinto’s automated control checks and workflows. “Privacy frameworks require high human involvement, like working with lawyers on policies, but tracking and monitoring these activities on Sprinto provided the most value. Sprinto kept us on track, showing how our efforts were impacting compliance. With that kind of clarity, we reached 60% readiness in the first week,” Berke explains.
The platform’s value lies in its automation, especially in monitoring and tracking controls.
Results: Complete, continuous compliance
Superbio achieved 90% HIPAA compliance in under three months. “We are moving at a comfortable pace, but we’re happy to see we’re above the 90% compliance mark on Sprinto. This reassures us that we’re on the right track,” remarks Berke.
Superbio now feels more confident engaging with customers as compliant business associates (BAs), knowing they can demonstrate their compliance posture as and when needed. “We are eager to show our trust center to customers so they can see our security and compliance efforts,” he adds.
With compliance demystified, Berke reflects on the journey. “We could have done this with the right partners all along. I wish we had started sooner. Compliance provides a great framework for growing and scaling your organization,” he says.
Sprinto is designed to give you dopamine spikes when you see the green [control] checks. The platform keeps you motivated to do the right things.