The Challenge
Mountain Lake Associates (MLA), an administrative services organization in the healthcare industry, faced a common challenge in the world of Governance, Risk, and Compliance (GRC). As a healthcare administrator, MLA needed to meet rigorous compliance standards, including the demanding HIPAA HITECH and SOC2 attestation. However, like many organizations, they lacked the specialized knowledge and tools to efficiently manage their GRC requirements.
The Solution
MLA turned to a powerful trio of partners to address their GRC needs:
- ZenGRC: A comprehensive GRC platform that serves as a single source of truth for risks, controls, and procedures.
- Steel Patriot Partners: A third-party GRC implementation and cybersecurity firm with over 25 years of experience in implementing controls and procedures.
- 360 Advanced: A leading independent audit firm specializing in customized GRC consulting and audits.
The Implementation
Steel Patriot Partners took the lead in implementing ZenGRC for MLA. "If a customer does not have a GRC tool, we automatically implement ZenGRC," says Amy Ford, COO of Steel Patriot Partners. This decision proved crucial in bridging the communication gap between the GRC team and auditors.
Scott Gould, CEO of Mountain Lake Associates, recognized the value of this partnership: "I regard GRC knowledge as highly specialized. I needed Steel Patriot Partners and ZenGRC to focus on the GRC aspect, so that I could focus on what I do best, which is the administration and support of patient-oriented healthcare."
The Audit Process
When it came time for 360 Advanced to conduct the independent audit, the process was remarkably smooth. Eric Ratcliffe, Director of Compliance Strategy at 360 Advanced, noted the difference ZenGRC made: "By the time the audit gets to us, ZenGRC streamlines communications and reduces any problem areas. We want a happy client and ZenGRC helps us improve our efficiencies and reduce duplicative requests."
The platform provided auditors with a higher degree of comfort, offering clear visibility into all evidence for controls and how they tie back to framework requirements, all in a central location.
The Result
Thanks to the seamless integration of ZenGRC's platform, Steel Patriot Partners' expertise, and 360 Advanced's auditing prowess, Mountain Lake Associates achieved a remarkable feat: they obtained their HIPAA HITECH and SOC2 attestation on their very first audit attempt – an achievement that typically takes two to three tries to complete.
Key Benefits
- Streamlined Communication: ZenGRC bridged the gap between GRC teams and auditors, allowing for effective communication through an easy-to-use platform.
- Centralized Information: All risks, controls, and procedures were displayed in a single source of truth, simplifying the audit process.
- Expert Guidance: Steel Patriot Partners provided the specialized GRC knowledge that MLA needed to implement effective controls and procedures.
- Efficient Auditing: 360 Advanced was able to conduct a thorough audit with increased efficiency and reduced duplicative requests.
- Focus on Core Business: By leveraging the expertise of their partners and the ZenGRC platform, MLA's leadership could focus on their primary mission of healthcare administration.
Conclusion
This case study demonstrates the power of integrating a robust GRC platform with expert services. By uniting ZenGRC's technology, Steel Patriot Partners' implementation expertise, and 360 Advanced's auditing prowess, Mountain Lake Associates was able to navigate the complex world of healthcare compliance with remarkable success. This partnership model sets a new standard for efficient, effective GRC management in highly regulated industries.