Lumistry Case Study

RSI Security helped Lumistry achieve the highest level of HITRUST Certification.

“Everything about the certification process was seamless, from preparation through the actual assessment. We’re looking forward to a continued partnership with RSI Security.”

- Andy Hart, VP of Information Security, Lumistry

Challenges

Lumistry (previously known as Digital Pharmacist) is one of the leading platforms empowering pharmacies to create an online presence for patient engagement. Lumistry is a two-time Inc. 5000 list member—most recently in 2022 on the strength of 100% IVR refill and 40% account growth.

Today, Lumistry serves over 7,000 pharmacies worldwide.

A key part of serving these pharmacies is ensuring that sensitive information concerning their clientele and personnel is protected. And, adding to the stakes, Digital Pharmacist was acquired by Lumistry in 2022 alongside three other major players in the telehealth industry (Vow Inc., CAREANIMATIONS, and VUCA Health Unite). In practice, this joining of forces multiplies the benefits for all clientele impacted—but it also means an even greater pool of sensitive data is potentially at risk across Digital Pharmacist’s and its partners’ shared ecosystems.

Lumistry faced these challenges head-on with a robust HITRUST CSF assessment, certifying its cyberdefenses with the highest level of security assurance for all stakeholders.

RSI Security facilitated Lumistry’s HITRUST r2 Assessment with:

To meet its varied clients’ needs, Lumistry sought a HITRUST Risk-based, 2-year (r2) Assessment. These are the most involved and rigorous implementations of the HITRUST CSF framework, incorporating controls that meet HIPAA, PCI-DSS, GDPR, and other regulatory standards simultaneously. Arun Patel, Senior Security Consultant at RSI Security, worked closely with Hart, scoping out the risk factors to control for and safeguards that would minimize costly overlap.

 

“Everyone on our team appreciated the advisory work Arun put in and the consistent communication from all RSI team members—they made it as easy as it could be.”

– Andy Hart

Implementation

Typical HITRUST r2 Assessments encompass Expanded Practices, including about 375 Requirements on average for Year 1. In Lumistry’s case, there were 560 total controls implemented. This involved a robust and dynamic approach to both technical installation and project management. RSI Security’s Project Coordinator, Bella Mangmang, worked closely with both Patel and Hart to ensure smooth communication and collaboration throughout the process.

“I’m not sure if we knew at first just how many controls we needed to account for—more than double the normal—but the process was extremely efficient nonetheless.”

– Andy Hart

Documentation

The most technically rigorous part of the HITRUST Certification process is documentation. All controls need to be substantiated with current and historical data, and there are challenges to understanding the full scope of what’s required—not to mention formatting, storage, etc. Patel and Mangmang worked with Hart and others on establishing clear guidelines for staff and other stakeholders to understand their responsibilities to ensure a swift, successful r2 Assessment.

“What stood out to me was the human side of the project. I was always 100% sure of who I was dealing with, their expertise, and their commitment to keeping us protected.”

– Andy Hart

Outcome

Working with RSI Security, Lumistry achieved a Validated HITRUST Risk-based 2-Year (r2) Assessment. That means HITRUST CSF Certification for a 2-year period, pending an Interim Assessment after Year 1. It also means Lumistry is either already compliant with, or well positioned to easily assess for, several other regulations. For laws like HIPAA, with no baseline audit, Lumistry is set. For most others, it can “assess once, report many,” which is the goal for comprehensive cybersecurity efforts.

Beyond compliance, Lumistry is now equipped with a robust cyberdefense program that will keep all stakeholders (including others under the broader Lumistry umbrella) safe well into the future. A formalized Lumistry Information Security Program is the icing on the cake, reassuring client pharmacies and their clientele that Lumistry cares about protecting them from cyberthreats.

“I loved working with Arun and the entire RSI team. I hope to continue to do so in the future.”

- Andy Hart, VP of Information Security, Lumistry
