Case Study: eHealth Technologies SOC 2 Type II Certification
eHealth Technologies’ success revolves around its ability to securely and responsibly handle sensitive patient information. Each time a contract is signed with a new customer, a thorough due diligence process takes place, which includes a security assessment verifying up to 300 items.
In 2015, the company sought to streamline this time consuming process as its business expanded. To do so, eHealth Technologies required an external security audit to achieve Service Organization Control No. 2 (SOC 2) Type ll Certification. This certification could be presented to customers in lieu of the lengthy security questionnaire, and the credentials would help establish trust in addition to reducing the time and cost of due diligence.
Like many companies in the Life Sciences and Healthcare industries, eHealth Technologies had a paper based system for its quality management, training, and documentation.
This presented significant challenges, as with paper there is always the question of which document contains the most recent version of a policy, and whose signatures are required on a particular document. During an audit, a single misplaced training record creates delays and opens the door to larger issues like non-compliance findings.
In order to get SOC 2 Type ll certified, eHealth Technologies had to migrate its quality management process to a digital system that would allow the company to build a consistent set of polices and procedures, and make it easier to manage employee training records.
1) Better Document Management
Having ready-to-use templates instead of typing everything up from scratch was a big benefit to the quality management team and made it less intimidating to get started with a new QMS.
2) Easy Training and Tracking
Colin Rhodes, eHealth Technologies’ Chief Technical Officer, found that some QMS software made executing training so difficult that people tended to avoid it. With Qualio’s simplified workflow, his team quickly found the training material they needed to focus on instead of going through multiple steps and complicated software.
3) Qualio’s Client Service
Since eHealth Technologies’ business revolves around handling patient information with integrity and careful stewardship, trust plays a significant role in their partnerships as well.
“We look to work with vendors who share a similar culture,” says Colin. “It has been clear from the very beginning that Qualio is responsive and has a strong customer service ethic that is in line with ours.”
Once the team decided Qualio was the best fit for their needs and values, they were able to get set up and running in less than a week.
Colin’s team held weekly policy review meetings in preparation for the SOC 2 Type II audit. During these sessions, the eHealth Technologies’ team reviewed, revised, and approved over 200 policies in real-time using Qualio.
Here is what Colin had to say about the new workflows: “With other systems I have used editing and approving documents is a monumental task that has to be accomplished sequentially by several individuals. With Qualio, members of my team are able to simultaneously review documents very quickly. It’s easy.”
eHealth Technologies has used Qualio to successfully roll out training to over 200 employees across all departments.
“During audits, we are able to easily access the information needed to verify which individuals have completed the mandatory training,” says Colin. “With Qualio there is no question about who has been trained, and who hasn’t.”
As a result of switching to Qualio along with improving other areas of its quality management process, eHealth Technologies achieved its security certification goal. This has created financial benefits and helped strengthen the company’s reputation as an industry leader.
About eHealth Technologies
eHealth Technologies is the leading provider of referral solutions, serving over half of the nation’s top 100 hospitals, including 14 of the top 20 U.S. News & World Report Honor Roll Hospitals for 2016-2017, and leading HIEs across the U. S. The company’s eHealth Connect® solutions enhance patient and physician satisfaction by streamlining care transitions and assuring physicians have the right information to care for their patients. eHealth Connect® Image Exchange enables HIE subscribers access to full diagnostic quality medical records in the context of the patient record. For more information visit www.eHealthTechnologies.com.