Latest news with #HITRUST
Business Journals
5 hours ago
- Business
- Business Journals
The hidden cyber risk you're probably ignoring: User access reviews
Poorly managed user access reviews don't just jeopardize audit outcomes; they create pathways for data breaches, fraud, operational inefficiencies, regulatory fines and reputational damage. Despite these risks, many organizations struggle with timely, thorough and precise execution, or worse, they skip these reviews altogether. Far from trivial, this 'routine' process plays a pivotal role in broader cybersecurity and risk management strategies. Access reviews serve as a frontline defense, ensuring that only authorized individuals have appropriate access to systems and data, and help prevent privilege escalation, insider threats and vulnerabilities that could compromise an organization's security posture. User access reviews are essential for maintaining compliance with a wide range of frameworks, including SOX, PCI DSS, ISO 27001, SOC 2, HITRUST, NIST 800-53 & 171, HIPAA, GDPR and others. A well-executed access review helps reduce the risk of: Individuals having unauthorized or inappropriate access based on their role. Excessive access that creates segregation of duties conflicts. This guide provides an eight-step process for establishing and conducting a quality access review that will satisfy multiple compliance frameworks. Step 1: Identify relevant compliance frameworks and standards that require an access review Before identifying compliance requirements, organizations should begin with a clear strategy for their access review process. This includes understanding the overarching goals, such as reducing security risk, maintaining regulatory compliance, enhancing operational efficiency or supporting audit readiness. With this strategic direction in mind, organizations can then determine which regulations and standards they must adhere to. This will help establish the frequency, scope, control ownership and documentation requirements of the review. In the absence of a specified frequency, a risk-based approach should be used to determine how often reviews should occur. The following factors should be considered: Minimum required frequency to meet compliance requirements Complexity of the access within the system Volume of accounts and frequency of access changes Significance of the data stored within the system History of errors Effectiveness of preventive provisioning and termination controls Inherent risks of processes being supported by the systems Step 2: Identify the information systems in scope Determine which systems (i.e., applications, tools, database management systems, operating systems/servers and network domains) require an access review. This could include enterprise and/or financial applications, PaaS (Platform as a Service), database management systems, operating systems/servers, identity and access management (IAM) systems, source code migration and development tools, facilities and infrastructure components. Ultimately, the scope should be driven by the relevance and significance of the underlying data and/or system function governed by the system. Step 3: Assign ownership Clearly define who is responsible for: 1. Generating the information used in the reviews, and 2. Coordinating and/or executing the review and remediating any exceptions identified. Tip: Consider leveraging an off-the shelf tool to assist with automating and tracking reviews. Step 4: Generate the access listings Generate a complete and accurate listing of accounts from each system. Consider automating these reports for efficiency. The access listings should be granular enough so that the reviewer can see what role and/or permissions are assigned to each account. Provide enough details in the review documents so reviewers can make informed decisions. Some examples are below: expand Frazier & Deeter Tip: Retain documentation for how all access listings were generated (i.e. menus, reports, parameters, queries, time/date stamps, etc.). Explain any exclusions such as inactive accounts or accounts with read-only access. If the report is automated, include evidence that the underlying queries have not been modified. Step 5: Train the reviewers Provide clear expectations, guidelines, timelines and definitions for reviewers to reference. Ensure roles and responsibilities are clearly defined. Tip: Consider implementing a joiner-mover-leaver process in your IAM tools to automatically grant, revoke or modify access when employees join, leave or get promoted. This helps mitigate the risk of individuals being inadvertently granted the wrong level of access or access not being removed upon termination. Step 6: Execute the review and retain sufficient evidence Reviewers: Document proof of review, including justifications for approved and revoked access. Control Owner: Retain audit logs, screenshots, spreadsheets or other reports as needed. Tip: Store evidence in a central location that makes it easy to distinguish what is being reviewed. Consider using a template to consistently document each review. Step 7: Revoke unnecessary access and validate remediation Immediately remove or disable access that has been identified as needing to be revoked. Document the reason for revocation and verify timely deactivation of revoked accounts. Tip: Run a follow-up report to confirm that all access identified as a revoke within the access review are appropriately disabled and/or removed from the system. Step 8: Perform a lookback for anomalous activity Before closing the review: Review logs and audit trails for any inappropriate and/or unauthorized activity performed by revoked accounts. Investigate and follow up on any unusual activity. Define the scope of activities that are relevant to the framework and/or standard. Pay close attention to administrative accounts who can perform all transactions (including modifying user access). Tip: Accounts with admin privileges, segregation of duties conflicts or terminations are the revoked accounts with the highest risk of potential misuse. Final thought: Making user access reviews a business-as-usual process While each organization has unique circumstances, these steps may support you in conducting thorough, repeatable and audit-ready access reviews that will allow your organization to meet multiple compliance requirements and mitigate logical security risks in an efficient, consistent and cost-effective manner. Need help making your access reviews more efficient and compliant? Frazier & Deeter can help you design a process that meets your compliance requirements while saving time and reducing risk. Contact our experts today to get started. Frazier & Deeter (FD) is comprised of Frazier & Deeter, LLC, a US licensed CPA firm that provides attest services to its clients, and Frazier & Deeter Advisory, LLC, an alternative practice structure that provides tax and advisory services to clients worldwide. Learn more at
Business Wire
4 days ago
- Health
- Business Wire
Real Time Medical Systems Launches New Value-Based Care Solution, Delivering Live Post-Acute Care Insights
BALTIMORE--(BUSINESS WIRE)-- Real Time Medical Systems (Real Time), the industry-leading, KLAS Rated, and HITRUST Certified interventional analytics solution, announces the launch of its latest solution aimed at improving care and reducing costs: the Value-Based Care Dashboard. Designed to support better outcomes and enhanced coordination with post-acute care partners, the tool offers providers and health plans a centralized, real-time view of key quality and performance metrics – enabling organizations to thrive in value-based care models. The Value-Based Care Dashboard is more than a reporting tool – it's a strategic asset. It centralizes insights, eliminates fragmented workflows, and empowers providers to make timely, informed decisions in collaboration with their post-acute partners. Share The Value-Based Care Dashboard consolidates critical enterprise-level actionable insights into a single, intuitive screen. Featuring six interactive Cards, it provides visibility into readmissions, risk stratification, quality measures, and hospital utilization trends during the patient's post-acute stay. With a streamlined interface, users can quickly access key clinical information they need – without navigating to multiple systems. Key Features Include: Short Stay Quality Measures: Track CMS-defined measures using live clinical documentation Long Stay Quality Measures: Monitor long-term outcomes with national and state benchmarks Average Admissions per 1000 Members: Measure all-cause hospital admissions Readmission Risk Distribution: Categorize patients by readmission risk using Real Time's proprietary CARD score Average Readmission Rates: View 30-day readmission percentages by month of admission Monthly Admissions per 1000 Members: Analyze hospital admissions across the enterprise on a monthly basis 'Driven by ongoing feedback from our partners, we're committed to evolving Real Time's solution to meet the dynamic needs of value-based care,' said Tim Buono, Chief Strategy & Development Officer at Real Time. 'The Value-Based Care Dashboard is more than a reporting tool – it's a strategic asset. It centralizes essential insights, eliminates fragmented workflows, and empowers providers to make timely, informed decisions in collaboration with their post-acute partners.' The dashboard is especially valuable for acute care and health plan providers seeking greater visibility into patients' post-acute journeys. By integrating critical clinical data – such as readmission rates, risk levels, and quality measures – into one dashboard, Real Time helps organizations strengthen collaboration and alignment across the care continuum. With this launch, Real Time reinforces its role as a trusted partner in advancing care coordination – delivering tools that lead with precision, insight, and measurable impact in a value-based future. About Real Time Medical Systems Real Time Medical Systems is the industry-leading, KLAS Rated, and HITRUST Certified Interventional Analytics solution that turns post-acute EHR data into actionable insights. Serving healthcare organizations nationwide, Real Time improves value-based care outcomes by reducing hospital readmissions/admissions, accurately managing reimbursements, detecting early signs of infectious disease, automating antibiotic surveillance, and advancing care coordination through post-acute data transparency.
Yahoo
22-05-2025
- Business
- Yahoo
Innovaccer Launches ‘Innovaccer Gravity™': The Healthcare Intelligence Platform to Accelerate AI-Driven Transformation
New cloud-agnostic healthcare-native platform provides infrastructure and tools for healthcare organizations to scale AI adoption and drive faster ROI SAN FRANCISCO, May 22, 2025--(BUSINESS WIRE)--Innovaccer Inc., a leading healthcare AI company, today announced the launch of 'Innovaccer Gravity™', its Healthcare Intelligence Platform, designed to help organizations unlock the full value of their data and accelerate AI-driven transformation. Innovaccer Gravity™ seamlessly integrates healthcare enterprise data, enables cross-domain intelligence, and delivers faster return on investment (ROI), all while reducing total cost of ownership (TCO). Built on a modern, cloud-agnostic architecture with enterprise-grade security and compliance (HIPAA, HITRUST), Innovaccer Gravity™ unifies data from electronic health records (EHRs), claims, financial, operational, supply chain, HR and other core systems into a single source of truth. The platform's healthcare-native design, with 400+ pre-built connectors and 100+ FHIR resources, enables interoperability across clinical, operational, and financial domains, empowering leaders to drive better patient care, streamline operations, and improve financial performance. "Health systems are under unprecedented pressure to do more with less, from improving outcomes to optimizing operations, all while managing rising costs," said Abhinav Shashank, cofounder and CEO of Innovaccer. "Gravity is purpose-built to address these challenges. It unifies data, scales AI adoption, and activates real-time insights, enabling healthcare organizations to drive meaningful change, faster and more cost-effectively." Key capabilities of Innovaccer Gravity™ include: Unified Data Fabric: Integrates clinical, operational, and financial data into a single, trusted foundation with real-time alerts and actionable insights. AI-First Enterprise Intelligence Layer: Leverages Innovaccer's AI framework to provide pre-built foundational AI models (text-to-speech, speech-to-text, OCR, speech analytics) built for healthcare and customizable AI/ML workbenches. Low-Code/No-Code Self-Serve Tools: Empowers analysts, scientists, and developers to rapidly build and deploy agents, solutions using open APIs and self-service AI/ML capabilities. Build and Extend with Your Own Data and AI: Enables organizations to bring their own data, build custom analytics, develop AI models, and create tailored applications on top of Innovaccer's rich content library and pre-built assets. Enterprise-Grade Security & Governance: Ensures data integrity with built-in master data management, data governance, and cloud-agnostic scalability. Accelerated Time-to-Value: Reduces deployment timelines from months to weeks, driving faster adoption of business-critical use cases. Innovaccer Gravity™ is designed for health system leaders, including CFOs, CIOs, CTOs, and CDOs, who are seeking to modernize legacy infrastructure, improve operational efficiency, and demonstrate tangible ROI on data initiatives. With its future-proof architecture and healthcare-native intelligence, Gravity positions Innovaccer as the definitive platform for health systems seeking to accelerate digital transformation. Innovaccer Gravity™ beta is now available to health systems across the U.S, with general access in upcoming quarters. For more information about Innovaccer Gravity™, the Healthcare Intelligence Platform, visit About Innovaccer Innovaccer activates the flow of healthcare data, empowering providers, payers, and government organizations to deliver intelligent and connected experiences that advance health outcomes. The Healthcare Intelligence Cloud equips every stakeholder in the patient journey to turn fragmented data into proactive, coordinated actions that elevate the quality of care and drive operational performance. Leading healthcare organizations like CommonSpirit Health, Atlantic Health, and Banner Health trust Innovaccer to integrate a system of intelligence into their existing infrastructure— extending the human touch in healthcare. For more information, visit View source version on Contacts Press Contact:Arushi AwasthiInnovaccer 415-562-2139
Business Wire
22-05-2025
- Business
- Business Wire
Innovaccer Launches ‘Innovaccer Gravity
SAN FRANCISCO--(BUSINESS WIRE)--Innovaccer Inc., a leading healthcare AI company, today announced the launch of 'Innovaccer Gravity ™ ', its Healthcare Intelligence Platform, designed to help organizations unlock the full value of their data and accelerate AI-driven transformation. Innovaccer Gravity ™ seamlessly integrates healthcare enterprise data, enables cross-domain intelligence, and delivers faster return on investment (ROI), all while reducing total cost of ownership (TCO). Built on a modern, cloud-agnostic architecture with enterprise-grade security and compliance (HIPAA, HITRUST), Innovaccer Gravity ™ unifies data from electronic health records (EHRs), claims, financial, operational, supply chain, HR and other core systems into a single source of truth. The platform's healthcare-native design, with 400+ pre-built connectors and 100+ FHIR resources, enables interoperability across clinical, operational, and financial domains, empowering leaders to drive better patient care, streamline operations, and improve financial performance. 'Health systems are under unprecedented pressure to do more with less, from improving outcomes to optimizing operations, all while managing rising costs,' said Abhinav Shashank, cofounder and CEO of Innovaccer. 'Gravity is purpose-built to address these challenges. It unifies data, scales AI adoption, and activates real-time insights, enabling healthcare organizations to drive meaningful change, faster and more cost-effectively.' Key capabilities of Innovaccer Gravity ™ include: Unified Data Fabric: Integrates clinical, operational, and financial data into a single, trusted foundation with real-time alerts and actionable insights. AI-First Enterprise Intelligence Layer: Leverages Innovaccer's AI framework to provide pre-built foundational AI models (text-to-speech, speech-to-text, OCR, speech analytics) built for healthcare and customizable AI/ML workbenches. Low-Code/No-Code Self-Serve Tools: Empowers analysts, scientists, and developers to rapidly build and deploy agents, solutions using open APIs and self-service AI/ML capabilities. Build and Extend with Your Own Data and AI: Enables organizations to bring their own data, build custom analytics, develop AI models, and create tailored applications on top of Innovaccer's rich content library and pre-built assets. Enterprise-Grade Security & Governance: Ensures data integrity with built-in master data management, data governance, and cloud-agnostic scalability. Accelerated Time-to-Value: Reduces deployment timelines from months to weeks, driving faster adoption of business-critical use cases. Innovaccer Gravity ™ is designed for health system leaders, including CFOs, CIOs, CTOs, and CDOs, who are seeking to modernize legacy infrastructure, improve operational efficiency, and demonstrate tangible ROI on data initiatives. With its future-proof architecture and healthcare-native intelligence, Gravity positions Innovaccer as the definitive platform for health systems seeking to accelerate digital transformation. Innovaccer Gravity ™ beta is now available to health systems across the U.S, with general access in upcoming quarters. For more information about Innovaccer Gravity ™, the Healthcare Intelligence Platform, visit About Innovaccer Innovaccer activates the flow of healthcare data, empowering providers, payers, and government organizations to deliver intelligent and connected experiences that advance health outcomes. The Healthcare Intelligence Cloud equips every stakeholder in the patient journey to turn fragmented data into proactive, coordinated actions that elevate the quality of care and drive operational performance. Leading healthcare organizations like CommonSpirit Health, Atlantic Health, and Banner Health trust Innovaccer to integrate a system of intelligence into their existing infrastructure— extending the human touch in healthcare. For more information, visit
Business Wire
13-05-2025
- Business
- Business Wire
IKS Health Achieves HITRUST r2 Recertification Demonstrating Highest Level of Information Protection Assurance
DALLAS--(BUSINESS WIRE)--IKS Health, a global leader in care enablement solutions supporting clinicians, staff, and patients at every step of the care journey, today announced several of its software solutions have earned recertification status by HITRUST for information security. 'We are committed to meeting the highest standards in data protection and privacy,' said Sachin K. Gupta, Founder and CEO, IKS Health. 'Earning HITRUST r2 recertification reflects our proactive dedication to information security." Share HITRUST r2 recertification demonstrates that the organization's platforms have met demanding regulatory compliance and industry-defined requirements and is appropriately managing risk. This achievement places IKS Health in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards, and frameworks and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. 'We are committed to meeting the highest standards in data protection and privacy,' said Sachin K. Gupta, Founder and CEO, IKS Health. 'Earning HITRUST r2 recertification across several of our solutions and locations reflects our proactive dedication to information security and reinforces our promise to protect what matters most—our customers and their data.' The IKS Health HITRUST r2 recertification covers eligibility and benefits verification systems primarily hosted on the Google Cloud Platform (GCP), with associated components such as Optimix, Stacks, Scribble, and Smartcode residing within the GCP infrastructure; key network devices and servers distributed across IKS Health data centers in Mumbai and Hyderabad, India, and the U.S.; endpoints maintained in India and the U.S.; GCP infrastructure managed by Google; and U.S. office presence. ' HITRUST certification is globally recognized as validation that information security and privacy controls are effective and compliant with various regulations. HITRUST certification isconsidered the gold standard because of the comprehensiveness and applicability of the control requirements, depth of the assurance process, and level of oversight that ensures accuracy,' said Jeremy Huval, Chief Innovation Officer at HITRUST. About IKS Health IKS Health takes on the chores of healthcare — spanning administrative, clinical, and operational burdens — so that clinicians can focus on their core purpose: delivering great care. Combining pragmatic technology and dedicated experts, IKS Health enables stronger, financially sustainable enterprises. IKS Health's Care Enablement Platform delivers data-driven value and expertise across the care journey, and IKS Health is a partner for clinician enterprises looking to effectively scale, improve quality, and achieve cost savings through forward-thinking solutions. Founded in 2006, IKS Health's global workforce supports large health systems across the United States. For more information on IKS Health and its solutions, please visit Inventurus Knowledge Solutions Limited is listed on National Stock Exchange of India Limited (NSE) and BSE Limited (BSE). {Scrip codes: NSE - IKS and BSE - 544309}
