BD Emerson CPA & mdhub: HIPAA & SOC 2 Audit Partners

Overview

mdhub powers mental health clinicians with a clinical AI assistant that efficiently runs their practices. mdhub’s clinical AI assistant automates tasks that occur before, during, and after a patient visit, saving clinicians at least two hours per day on administrative tasks and allowing them to see more patients. mdhub is a Y Combinator-backed company and is part of the startup accelerator’s current summer 24 batch. With data privacy and security at the core of mdhub’s operating philosophy, mdhub turned to BD Emerson CPA to assess its SOC 2 compliance readiness, reassess its HIPAA compliance, and advise on the design of its security controls in order to bolster the company’s security and compliance.

01.

Challenge

mdhub’s clinical AI assistant saves mental health clinicians two hours per day on administrative work and organizing patient records. Due to the high volume of Protected Health Information (PHI) processed by mdhub, the company frequently undergoes HIPAA assessments to ensure compliance. Committed to data protection, mdhub sought out BD Emerson CPA to evaluate its alignment with SOC 2 and verify that patient and provider data is protected with the highest standards of data security controls in place.

02.

Solution

BD Emerson CPA began our engagement with mdhub by analyzing the results of its thorough gap assessment and the measures mdhub had implemented to resolve any gaps with HIPAA and SOC 2 Type I standards. During the audit, BD Emerson CPA reviewed and advised on technical controls, governance, and managerial controls in support of meeting mdhub’s control objectives. 

HIPAA Audit Solutions:

  • Meticulous Policy Review: During the HIPAA audit, BD Emerson CPA scrupulously examined mdhub’s privacy and security policies, verifying that they aligned with HIPAA benchmarks and reflected best practices in safeguarding PHI.
  • Evaluation of Data Access and Sharing Protocols: BD Emerson CPA’s auditors investigated mdhub’s processes for patient data access and sharing to ensure that the clinical AI assistant conformed to HIPAA’s Privacy Rule, respecting patient rights and clinician responsibilities.
  • Analytical Review of Security Safeguards: The auditors then critically analyzed mdhub’s security mechanisms and controls in order to verify that they aligned with the HIPAA Security Rule, which focuses on the protection of electronic PHI from unauthorized access, interference, or breaches.

SOC 2 Type I Audit Solutions:

  • Snapshot Assurance: As part of the SOC 2 Type I audit of mdhub, the auditors evaluated the design of mdhub’s controls at a specific point in time using snapshot assurance. This evaluation verified that mdhub’s controls were properly configured to meet the relevant Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

At this time, mdhub is ready to sit for the SOC 2 Type II Audit, which will extend beyond the SOC 2 Type I’s Snapshot Assurance in order to assess the operational effectiveness of these controls over a defined period, usually six months.

03.

Impact

BD Emerson CPA’s audit of mdhub’s clinical AI assistant has delivered significant advantages to mdhub’s platform by positioning mdhub as a leader in compliance and security within the medical and mental health software space. The reassessment of mdhub’s HIPAA compliance provides an added layer of assurance that mdhub is strictly following and upholding HIPAA regulations. Upon completing the HIPAA audit, BD Emerson CPA provided a comprehensive report detailing the results of the audit, which is available to clients and asserts that mdhub is HIPAA compliant.

With mdhub continuing to scale, the company wanted to add an extra layer of data security and compliance by completing SOC 2 Type I. BD Emerson's audit reinforced mdhub’s commitment to implementing controls that safeguard the sensitive information of patient records and clinician notes. mdhub’s dedication to privacy, security and compliance, verified by BD Emerson CPA’s expertise, has set mdhub apart in its field.

At the conclusion of the audit, BD Emerson CPA created a detailed and structured audit report that clearly communicated our conclusions and recommendations for the continued enhancement of mdhub’s controls. By working with mdhub’s team to define appropriate control activities, BD Emerson CPA supported mdhub in meeting its commitments to clients.

04.

Conclusion

mdhub’s engagement with BD Emerson CPA has significantly bolstered its reputation in the medical and mental health software industry. Through meticulous HIPAA and SOC 2 audits, mdhub has demonstrated its commitment to medical data security and compliance. The reassessment and validation of HIPAA and SOC 2 Type I compliance not only enhances trust among potential clients but also solidifies mdhub's market position as a secure and reliable clinical AI assistant in the mental health and medical industry. As mdhub prepares for the SOC 2 Type II audit, it continues to showcase its dedication to maintaining the highest standards of data protection, ensuring both patient and provider information are safeguarded with utmost integrity.

06.

Quote

Dominik Middelmann, CEO of mdhub

“Working with BD Emerson CPA has been instrumental in our journey towards achieving and maintaining compliance with both HIPAA and SOC 2 standards. Their expertise and thorough approach provided us with invaluable insights and a clear path forward, ensuring that our platform meets the highest security and privacy standards. We appreciate how the audit team did more than just check our controls. They provided strategic guidance to build repeatable control activities to make sure we continuously mature our processes to protect data and systems. This partnership has not only reinforced our commitment to data protection but has also significantly enhanced our credibility and trust with our clients.”

Partners

At BD Emerson, the trust of our partners enhances our credibility, meeting the highest security standards and requirements.