Security & Compliance at Sandata: From Headache to Head Start

March 20, 2024

When compliance became all-consuming for a leading healthcare tech company, Aprio delivered a custom risk management solution that saved time and reduced expenses.

The Challenge: Too Busy With Compliance to Grow the Company

Sandata, a leading healthcare technology company providing solutions that make it easier for payers and providers to work together and increase the quality of in-home care, sits at the intersection of multiple security and regulatory compliance requirements. The burden of managing the programs was keeping leadership from focusing on what is most important – building and shipping great software.

Healthcare IT companies are beset with security and regulatory requirements. These can range from HITRUST, SOC 2, and HIPAA requirements, to CMS, WCAG and more. Staying on top of information security, privacy and regulatory requirements is a job suited for an entire team of security and compliance experts, yet few companies can afford the budget required to bring that team in-house.

The Solution: A Custom Plan From Aprio’s Security Compliance as a Service (CaaS) Team

Sandata turned to Aprio for a robust, budget-friendly compliance solution. Together, we developed a custom menu of services to simplify budgeting, reduce costs, and free leadership to focus on critical business initiatives.

Aprio’s CaaS team began with an assessment of Sandata’s security and compliance landscape to identify certification and regulatory requirements, special projects including penetration testing and incident response tabletops, and CMS compliance support needs. The result of that analysis was a compliance plan and strategy tailored to Sandata’s specific needs.

Sandata began to experience benefits from its custom compliance plan almost immediately. Those benefits included:

  • A reduction in security spend: Sandata’s custom plan called for consolidation of vendors, penetration testing, cybersecurity risk assessment, incident response support, and more, along with an overall reduction in spending on security services.
  • Introduction of automation and improved risk management: Sandata implemented an enterprise-wide governance, risk and compliance SaaS platform to operationalize the security and compliance program, automate evidence collection for audits, ensure efficient operation, and improve enterprise risk management.
  • Less time spent on compliance certifications: After engaging with Aprio’s CaaS team, Sandata management, IT, and engineering spent significantly less time managing audits, operating controls, collecting evidence for audits, and managing day-to-day compliance initiatives.

The Result: A Clear Return on Investment

Today, Sandata spends less on security and risk management while enjoying additional capacity, new efficiencies, reduced audit burden, and consolidated security and compliance vendors.

With Aprio’s end-to-end program management strategy and SaaS-based GRC platform in place, Sandata’s IT and security operations teams are free to explore new capabilities and automation. Sandata now operates with more flexibility while spending less overall on operating costs.

Compliance audits that used to take multiple weeks to complete have been integrated into business-as-usual processes – what a difference!
