Ryan is a Senior Manager at Schellman. He has worked in public accounting since 2007 specializing in compliance auditing, including SOC examinations, ISO certifications, and healthcare audits such as HIPAA and HITRUST. Ryan has serviced clients in a multitude of industries including business process outsourcing, financial services, information technology, and healthcare. Ryan holds certifications including the CISSP, CISA, ISO 27001 Lead Auditor, CIPP/US, CCSFP, and the Advanced SOC certification.
HITRUST | Healthcare Assessments
By:
RYAN MEEHAN
September 19th, 2023
Though considered somewhat abbreviated in comparison to HITRUST’s other certification options, the HITRUST e1 Certification still represents a potentially beneficial path, particularly for those organizations that have already established their compliance programs.
HITRUST | Healthcare Assessments
By:
RYAN MEEHAN
September 14th, 2023
Service providers—e.g., SaaS, IaaS, PaaS—are currently seeing significant growth in the healthcare vertical, where they’re classified as “business associates” to the healthcare providers, insurers, and clearinghouses that are collectively referred to as “covered entities.” (Note that subcontractors to business associates are also classified as business associates.)
HITRUST | Healthcare Assessments
By:
RYAN MEEHAN
August 30th, 2022
Ernest Hemingway once said, “the best way to find out if you can trust somebody is to trust them.”
HITRUST | Healthcare Assessments
By:
RYAN MEEHAN
July 27th, 2022
Choosing your doctor is a big decision, right? You want someone licensed, with a medical degree, that can interpret your reported symptoms and treat you accordingly to your desired result—to feel better. It’s a personal relationship, so you likely research their practice, make sure they can accommodate your conditions, and check reviews on their bedside manner. Your doctor’s job is so important to your health, vetting them like this and feeling comfortable is important. The same is true for your HITRUST external assessor.
HITRUST | Healthcare Assessments
By:
RYAN MEEHAN
May 7th, 2021
While the latest version of any product is often seen as the greatest, there is more nuance involved when trying to determine which version of the HITRUST CSF® framework to utilize for certification. Currently, users can choose from versions 9.1, 9.2, 9.3, and 9.4. With the impending release of HITRUST CSF v10p (preview) in mid-May 2021, and a full release of v10 scheduled for later in the year, it adds more questions about whether to make the jump to 10 right away, if you have to make the jump to 10, and when will you be required to make the jump to version 10; all of which we’ll tackle.
By:
RYAN MEEHAN
April 14th, 2016
During SOC 1 Type 2 examinations, which analyze both the design and operating effectiveness of your controls, deviations from the stated control process must be disclosed within the service auditor’s testing results, often referred to as testing “exceptions” or “deviations” as they are exceptions from the stated control activity. The identification of at least one testing exception is a common occurrence, whether it is due to an outage, failure to document a manual process, or a simple oversight. There are a few questions, however, that you can ask both your auditors and yourselves to help manage the exceptions.
By:
RYAN MEEHAN
December 15th, 2015
The Health Insurance Portability and Accountability Act (HIPAA) has been gaining a lot of traction recently based on the omnibus final rule that was published in 2013 and the increased scrutiny brought on by recent healthcare data breaches. The omnibus final rule includes modifications mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which establishes the concept that business associates must comply with HIPAA regulations, as well as the covered entities that were already required to comply with the regulations. The HITECH Act also brought the breach notification and privacy responsibilities of covered entities and business associates to the forefront as well.