Vori Health is a pioneering healthcare startup providing all-inclusive medical and healthcare services for physical medicine and rehabilitation care in a virtual setting. At the forefront of virtual healthcare, with a focus on musculoskeletal issues, Vori Health engaged Guidepost Solutions to help build foundational compliance and ethical policies and procedures before launching the company. Vori Health has maintained Guidepost as a trusted compliance adviser as its business continues to grow and scale.
Vori Health wanted to address compliance issues within the first phase of its development to ensure alignment with industry regulations and its mission to provide excellent, secure patient care. We assisted with the creation of a suite of ethics and compliance policies and procedures and then immediately transitioned to advising Vori on its readiness for a SOC2 audit, HITRUST assessment and HIPAA certification. We conducted Vori’s risk assessment, assisted with building a risk register and remediation plan, conducted a business impact assessment and created a business continuity and disaster recovery plan, and conducted a review to set up a privacy program.
Our team initially focused on understanding and developing best practices for ethics and compliance programs, culture, code of ethical conduct, privacy controls, data governance rules, and information security to ensure that Vori Health’s mission, vision, and purpose can be implemented effectively throughout the company.
The focus of our initial efforts included creating compliance controls to address specific regulations for HIPAA including the Privacy, Security, Breach and Retention rules, False Claims Act and anti-kickback/Stark Act controls, and ADA guidelines. We also worked on the corporate governance valuation analysis for a Fair Market Value Report for purposes of an ASA Administrative Fee.
Our team was asked to conduct a readiness assessment for potential SOC2, HIPAA, and HITRUST audits to identify policies and key controls to be included in the examination. Through this process, we identified any exceptions that could preclude certification in the SOC2 audit and HITRUST assessment. We then collaborated with the Vori team to review policies, draft procedures and enhance controls.
Because Vori Health’s people are key to its success, it was critical to develop comprehensive and appropriate employee, physician and vendor due diligence practices. We formalized the hiring diligence policies and procedures to ensure the right people, who fit Vori’s culture, are hired from the start to avoid issues in the future.
The project grew to include a risk assessment, service as internal auditor, a business impact assessment with a business continuity and disaster recovery plan, a privacy review that led to the development of a privacy program, assistance with the creation of an incident response plan and breach notification procedures, and a 50-state survey on data retention and deletion. We also staffed Vori with virtual compliance and information security professionals as it scaled to ensure adequate capacity.
Benefit to the Client
The Guidepost team helped Vori Health create the foundational documents that set out its commitment to a culture of compliance and ethics and then assisted the company as its business scaled, to better ensure it mitigated risk and complemented its business development strategies. These guardrails will keep the company moving forward, ensuring functional compliance within the confines of regulatory requirements while providing excellent patient care.