Home

Consulting Services

Audit Services

Industries

Cases

About

Clients

Blog

Trust center

Contact

OfficesGet a quoteEmail us
LinkedIn

HOME

All Cases

mdhub

BD Emerson CPA & mdhub: HIPAA & SOC 2 Audit Partners

About

other cases

book a call

Overview

mdhub powers mental health clinicians with a clinical AI assistant that efficiently runs their practices. mdhub’s clinical AI assistant automates tasks that occur before, during, and after a patient visit, saving clinicians at least two hours per day on administrative tasks, therefore allowing them to see more patients. mdhub is a Y-Combinator backed company and is a part of the startup accelerator’s current summer 24 batch. With data privacy and security at the core of mdhub’s operating philosophy, mdhub turned to BD Emerson CPA to assess mdhub’s SOC 2 compliance readiness, reassess its HIPAA compliance, and advise on the design of its security controls in order to bolster the company’s security and compliance.

01.

Challenge

mdhub’s clinical AI assistant saves mental health clinicians two hours per day on administrative work and organizing patient records. Due to the high volume of Personal Health Information (PHI) processed by mdhub, the company frequently undergoes HIPAA assessments to ensure utmost compliance. Committed to data protection, mdhub sought out BD Emerson CPA to evaluate its alignment with SOC 2 compliance and verify that patient and provider data is protected with the highest standards of data security controls in place.

02.

Solution

BD Emerson CPA began our engagement with mdhub by analyzing the results of its thorough gap assessment and the measures mdhub had implemented to resolve any gaps with HIPAA and SOC 2 Type I standards. During the audit, BD Emerson CPA reviewed and advised on technical controls, governance, and managerial controls in support of meeting mdhub’s control objectives. 

HIPAA Audit Solutions:

  • Meticulous Policy Review: During the HIPAA audit, BD Emerson CPA scrupulously examined mdhub’s privacy and security policies, verifying that they aligned with HIPAA benchmarks and reflect the best practices in safeguarding PHI. 
  • Evaluation of Data Access and Sharing Protocols: BD Emerson CPA’s auditors investigated mdhub’s processes for patient data access and sharing, to ensure that the clinical AI assistant conformed to HIPAA’s Privacy Rule, respecting patient rights and clinician responsibilities. 
  • Analytical Review of Security Safeguards: The auditors then critically analyzed mdhub’s security mechanisms and controls in order to verify that they aligned with the HIPAA Security rule, which focuses on the protection of electronic PHI from unauthorized access, interference, or breaches.

SOC 2 Type I Audit Solutions:

  • Snapshot Assurance: As part of the SOC 2 Type I audit of mdhub, the auditors evaluated the design of mdhub’s controls at a specific point of time using snapshot assurance. This evaluation verified that mdhub’s controls were properly configured to meet relevant Trust Service criteria – security, availability, processing integrity, confidentiality, and privacy. 

At this time, mdhub is ready to sit for the SOC 2 Type II Audit, which will extend beyond the SOC 2 Type I’s Snapshot Assurance in order to assess the operational effectiveness of these controls over a defined period, usually six months.

03.

Impact

BD Emerson CPA’s audit of mdhub’s clinical AI assistant has delivered significant advantages to mdhub’s platform by positioning mdhub as a leader in compliance and security within the medical and mental health software space. The reassessment of mdhub’s HIPAA compliance adds an added layer of assurance that mdhub is strictly following and upholding HIPAA regulations. Upon completing the HIPAA audit, BD Emerson CPA provided a comprehensive report detailing the results of the audit, which is available to clients and asserts that mdhub is HIPAA compliant. 

With mdhub continuing to scale, they wanted to add an extra layer of data security and compliance by completing SOC 2 Type I. BD Emerson's audit reinforced mdhub’s commitment to implementing controls that safeguard the sensitive information of patient records and clinician notes. mdhub’s dedication to privacy, security and compliance, verified by BD Emerson CPA’s expertise, has set mdhub apart in its field.

 At the conclusion of the audit, BD Emerson CPA created a detailed and structured audit report that clearly communicated our conclusions and recommendations for the continued enhancement of mdhub’s controls. By working with the mdhub’s team to define appropriate control activities, BD Emerson CPA supported mdhub in meeting its commitments to clients.

04.

Conclusion

mdhub’s engagement with BD Emerson CPA has significantly bolstered its reputation in the medical and mental health software industry. Through meticulous HIPAA and SOC 2 audits, mdhub has demonstrated its commitment to medical data security and compliance. The reassessment and validation of HIPAA and SOC 2 Type I compliance not only enhances trust among potential clients but also solidifies mdhub's market position as a secure and reliable clinical AI assistant in the mental health and medical industry. As mdhub prepares for the SOC 2 Type II audit, it continues to showcase its dedication to maintaining the highest standards of data protection, ensuring both patient and provider information are safeguarded with utmost integrity.

05.

Related Services

BD Emerson's HIPAA Audit Services

BD Emerson's SOC Audit Services

06.

Quote

Dominik Middelmann, CEO of mdhub

“Working with BD Emerson CPA has been instrumental in our journey towards achieving and maintaining compliance with both HIPAA and SOC 2 standards. Their expertise and thorough approach provided us with invaluable insights and a clear path forward, ensuring that our platform meets the highest security and privacy standards. We appreciate how the audit team did more than just check our controls. They provided strategic guidance to build repeatable control activities to make sure we continuously mature our processes to protect data and systems. This partnership has not only reinforced our commitment to data protection but has also significantly enhanced our credibility and trust with our clients.”

Other Case Studies

BD Emerson & Wendt Partners: SOC 2, HIPAA, and GDPR

Wendt Partners is a B2B growth consulting agency, focused on providing clients with customized growth solutions. Through their platform, Wendt Partners offers clients a B2B Growth Stack, which is a customized strategy centered on marketing, sales, and CRM solutions. In order to fortify their current platform and fulfill their commitments to clients from the technology, industrial services, and professional services industries, Wendt Partners turned to BD Emerson for a comprehensive overhaul of their cybersecurity infrastructure. In less than 90 days, BD Emerson had assisted Wendt Partners in building out controls that aligned with SOC 2 Type 1, HIPAA, ISO 27001, and GDPR standards.

BD Emerson & Titan Intake: HIPAA & SOC 2 Compliance Partners

Titan Intake is a digital health innovation company whose platform automates the processing of incoming patient records and referrals to expedite the time it takes to process new patient paperwork. With a platform that reads, sorts, and processes Personal Health Information (PHI) instantly, Titan Intake upholds stringent HIPAA standards and is dedicated to building an extra layer of data protection through SOC 2 Type I compliance. Titanic Intake, Inc. sought out BD Emerson’s consulting services to help the company navigate SOC 2 Type I compliance and harden its HIPAA controls to make certain the Titan Intake platform operates at the highest level of data security. BD Emerson guided Titan Intake through the building of SOC 2 Type I controls, the assessment of their existing HIPAA controls, and the implementation of Vanta, BD Emerson’s trusted partner for compliance automation services.

BD Emerson & Boxcore: Achieving SOC 2 Compliance

Boxcore, a leading construction safety software provider simplifies how construction companies manage their compliance documents, training records, and digital permits. In order to mature the Boxcore product and enhance security at the parent organization, they sought out BD Emerson’s expertise. The partnership between Boxcore and BD Emerson led Boxcore through the SOC 2 Type I and GDPR compliance processes.

BD Emerson & Gardiant: Achieving SOC 2 Type I Compliance

Gardiant, a modern Case Management software company, underwent an initiative to enhance its security and compliance posture in order to align its operations with the rigorous compliance standards of HIPAA and SOC 2. BD Emerson was selected to help Gardiant navigate the complex regulatory landscape and implement vital security and privacy controls. The goal was to enable the team to build more security and privacy features into the product, add additional governance controls at the organizational level, and elevate the protections Gardiant customers can count on while using the Gadirant Works platform.

BD Emerson & Meridian AI: Fast-Tracking to SOC 2 Compliance for Enhanced Enterprise Readiness

In the rapidly evolving tech landscape, startups like Meridian AI, a pioneering AI technology firm, confront the imperative of adhering to rigorous security, privacy, and compliance standards from the outset. Meridian AI, known for its innovative AI solutions, recognized early on the necessity of embedding robust security and compliance frameworks into its operations to serve enterprise-level customers effectively. BD Emerson, a leader in corporate IT consulting, was chosen to guide Meridian AI through this critical process, elevating the company's security posture and compliance readiness to new heights.

BD Emerson & HiredHelpr: Elevating Security Measures for Enhanced Business Growth and Trust

In the competitive landscape of digital services, HiredHelpr, a cutting-edge platform designed to connect clients with a wide range of professional services, realized the paramount importance of bolstering their security posture to safeguard client identities, secure devices, and protect cloud infrastructure. To achieve these goals, HiredHelpr enlisted the expertise of BD Emerson, a premier corporate IT consulting firm known for its comprehensive security assessments and solutions. This partnership was aimed at not just meeting but exceeding industry-standard security practices, thereby instilling confidence in HiredHelpr’s clients and partners.

BD Emerson & Civex: Pioneering GLBA-Compliant Application Architecture for Secure Civic Engagement

Civex, an innovative platform designed to enhance civic engagement through its native app, faced the challenge of ensuring that their product met the stringent requirements of the Gramm-Leach-Bliley Act (GLBA) at launch. Recognizing the critical need for a foundational approach to security and privacy, Civex partnered with BD Emerson. This collaboration focused on integrating GLBA compliance into the application's architecture from the ground up, ensuring that Civex's product was not only compliant but also trusted by early customers for its security and privacy measures.

BD Emerson & Supered: Elevating Digital Adoption with Compliance Excellence

Supered, a dynamic digital adoption platform tailored for the HubSpot ecosystem, is dedicated to empowering sales representatives, administrators, and marketers to become CRM superheroes. To achieve this mission while expanding their footprint among enterprise clients, Supered sought to ensure the highest standards of security and privacy compliance. Recognizing the importance of SOC 2 Type I and II compliance, along with GDPR adherence, Supered engaged BD Emerson for their unmatched expertise. Through an accelerated and comprehensive compliance journey, BD Emerson not only facilitated Supered's compliance achievements but also enhanced their marketability and trust within the enterprise sector.

BD Emerson & Rubrik: Fortifying Data Protection in the Cloud Era

Rubrik, a leader in cloud data management and security, faced the critical challenge of aligning its operations with stringent compliance standards, including HIPAA, SOC 2, ISO 27001, and GDPR. As the company sought to reinforce its commitment to privacy, security, and compliance, BD Emerson was chosen for its expertise in navigating complex regulatory landscapes. Through a collaborative effort, BD Emerson not only guided Rubrik in achieving and maintaining these vital compliance milestones but also solidified Rubrik's position as a trusted guardian of sensitive data in the cloud.

BD Emerson & Savant/GE Lighting: Steering Enterprise Security and Privacy in the IoT Era

In the rapidly evolving landscape of smart home technology, Savant/GE Lighting, a pioneer in the field, recognized the critical need to enhance their cybersecurity posture and privacy compliance to safeguard their reputation and customer trust. To navigate this complex terrain, they turned to BD Emerson for their expert Virtual Chief Information Security Officer (vCISO) service. BD Emerson's holistic approach to security leadership, endpoint management, application security, and privacy consulting has fortified Savant's defenses and compliance, setting a new benchmark in the smart home industry.

BD Emerson & LiveSchool: Navigating the Path to SOC 2 Compliance for Educational Excellence

LiveSchool, an innovative platform designed to enhance school environments through rewarding positive student behavior, faced a pivotal challenge in their expansion journey. As they partnered with larger school districts, they needed to demonstrate their security and privacy policies through a 3rd party SOC 2 audit, a critical trust and compliance benchmark for service providers. Recognizing the complexity of this requirement, LiveSchool enlisted BD Emerson’s expertise. Over just three months, BD Emerson transformed LiveSchool’s security and privacy posture, successfully prepared for their SOC 2, and raised the bar for practices in the ed tech industry.

BD Emerson & Incentiv: Accelerating Startup Success through Comprehensive Security and Compliance Solutions

In an era where startups face immense pressure to meet stringent security, privacy, and compliance requirements from the get-go, Incentiv Inc., an innovative data platform backed by leading venture firms, embarked on an ambitious journey. Incentiv arms investors and talent leaders with rich data and intuitive tools they can rely on to make confident comp decisions across their global portfolios. Aware of the challenges in serving enterprise customers, Incentiv recognized the need to design their product from Day 1 with rigorous attention to security, privacy, and compliance. This is where BD Emerson stepped in, providing end-to-end corporate IT consulting, propelling Incentiv to new heights.

Partners

At BD Emerson, the trust of our partners enhances our credibility, meeting the highest security standards and requirements.

About Us

Join forces with BD Emerson to transform your business's digital defense strategy. Trust in our expertise to elevate your security measures and drive your business towards a safer, more secure digital future.

Schedule a consultation
HomeConsulting ServicesAudit ServicesIndustriesCase Studies
AboutBlogClientsTrust centerContact

© 2024 BD Emerson.

Privacy PolicyTerms and Conditions.