Situation
For healthcare technology companies like Centauri Health Solutions, information security has always been a priority, but different clients want and need different types of assurance that their data is in safe hands. As a result, Centauri has undergone HITRUST validated assessments every year since 2017 and SOC audits since 2019.
While this could prove to be a massive and time-consuming undertaking for such a large and complex organization, Centauri works with Wipfli, a firm that can do more than just keep up. Wipfli’s biggest differentiator is its ability to coordinate complex engagements — making sure all the different pieces are done efficiently and with the least amount of stress on Centauri’s team.
Things weren’t always so complex. Centauri first partnered with Wipfli back when the organization was much smaller and was looking to get certified in the brand-new HITRUST CSF® program. Wipfli was one of the first firms to become a HITRUST Authorized External Assessor.
“When we first set out to get HITRUST certified, we had no idea what it meant,” said James McNabb, IT Security Manager at Centauri. “Finding a partner in Wipfli, who could walk us through what the controls meant and how they related to what we were doing, and then perform a gap assessment — that was a major strength. The best thing we did was bring Wipfli in to help.”
Since Centauri began working with Wipfli, they’ve continued to grow rapidly, adding not only new locations but also new business units. It became necessary to roll these units under multiple HITRUST validated assessments, as well as add SOC 1 and then SOC 2 to the picture.
Centauri’s satisfaction with Wipfli as a HITRUST assessor made it an easy decision to come to the firm with its SOC needs. Because it uses the same audit firm and because the audits cross the same services, Centauri experiences significant savings in time, money and resources.
Strategy
Needless to say, Centauri’s third-party assurance requirements are significant, but Wipfli has helped work out a process that continues to improve year after year.
Planning is the biggest component of the combined effort. Each year, the Wipfli team sits down with Centauri to plan out needs and requirements, learn what’s changed in Centauri’s controls, lay out a detailed schedule for the various assessments and audits and, overall, coordinate them in a way that doesn’t lead to excessive on-site visits and evidence requests. Performing all this planning work upfront allows a much faster and smoother execution of the timeline, and the effort is well worth it.
“We appreciate that Wipfli has taken the time to learn our business. Instead of having to explain how we operate each year, we only have to tell them what’s changed,” said James. “Having the same team come back year after year makes things easier and saves us a lot of time.”
When the time does come for execution, Wipfli again stands out. Because Wipfli’s field team is cross-trained, HITRUST and SOC work that overlaps can be done at the same time without needing to send out additional people.
Results
The main benefit of performing HITRUST assessments and SOC audits is complying with client requests for these assurances. This is also applicable when Centauri pursues new business. When responding to RFPs, its HITRUST certification, as well as its ability to provide SOC 1 and SOC 2 reports, provides a competitive advantage over other vendors.
Another benefit that might not immediately come to mind, but is also important, is the impact on Centauri’s security program — namely, how HITRUST and SOC have helped it continue to build maturity and consistency into the program.
James said, “With these audits and the findings that come out of them, my organization has put a lot more focus on security and compliance, which has garnered my program more funds, availability and visibility to the organization. We have grown, and our processes have gotten better.”
He believes this wouldn’t have happened as quickly without HITRUST, SOC and the Wipfli team.
Clients can rest assured their data is in safe hands with Centauri and that the organization is committed to security now and into the future. Wipfli will continue to be there as a resource and auditor for Centauri, making the process easier, faster and less stressful.
Client profile
Centauri Health Solutions is a healthcare technology company powered by sophisticated analytics. Our reimbursement-focused services and unparalleled expertise lead to more accurate payment rates; a reduction in uncompensated care; transparent provider pricing; and quality measurement compliance.
