Enabling Better Outcomes Through Integrated and Innovative Intelligent Healthcare Management Solutions

The Client

Each with their roots firmly established in healthcare innovation and the advancement of medical benefits management since the early 1990s, CareCore and MedSolutions merged in 2014 to form eviCore healthcare.  eviCore has since become a national leader in integrated, innovative intelligent care management solutions for managed care and risk-bearing providers. At the highest level, eviCore’s mission is to improve healthcare through better outcomes for patients, payers, and providers, and the company achieves this mission by enabling medical benefits management processes that ensure patients get the right care from the right place at the right time at the best cost.

With 4,300 employees and more than 1,000 clinicians, eviCore engages with more than 570,000 providers. As the largest medical benefits management services provider, eviCore stands apart with its focus on leveraging evidence-based medicine and patient-focused outcomes. Through a broad range of specialty and market solutions, eviCore offers more comprehensive care management solutions than any other company in the industry.

The Opportunity

Like many organizations that serve as partners to the largest health insurance companies in the US, eviCore was obligated contractually to demonstrate the maturity of their security program by obtaining Certification under HITRUST. For several years, LBMC provided eviCore with financial systems support, through the business systems division of LBMC’s Technology Solutions affiliate. Having knowledge of LBMC’s additional capabilities around IT security and audit, eviCore’s Chief Information Security Officer, Bob Davis, engaged LBMC Information Security to be its HITRUST CSF assessor organization. With the HITRUST certification achieved, it was quickly recognized that eviCore could significantly reduce the organization’s “audit fatigue” by leveraging more of a test once, report many strategy to meet additional requirements for Service Organization Control (SOC reporting). LBMC worked collaboratively with Bob and his compliance teams and in 2016 and 2017, LBMC provided SOC 1 reports, a SOC 2 readiness assessment, and a HITRUST renewal. Going forward, the plan is to continue to leverage the work of LBMC’s IT auditors and security pros to help eviCore meet these various customer requirements in a way that provides maximum results without redundant requests for interviews and audit evidence.  

“As eviCore was embarking on the HITRUST assessment process, we wanted a partner that had HITRUST experience and that we could engage with routinely and face to face; this led us to choose a local firm with large enough resources and a solid reputation. LBMC Information Security was attractive because they had it all,” says Davis. “All in all, eviCore’s team greatly values LBMC Information Security’s highly-qualified professionals and accessible expertise.”

The Solution

Through the development and the continuation of the business partnership, eviCore has maintained a consistent level of confidence in the time and attention the organization has received from LBMC Information Security. “We quickly shared common ground, in terms of creating a partnership and not just a customer-vendor relationship,” affirms Davis. As eviCore was performing multiple assessments as required by HIPAA, its clients, and HITRUST, it was essential that the organization and its auditors and assessors were leveraging the evidence to ensure proper efficiency of time and dollars spent on information security services. LBMC Information Security’s collaborative consulting approach and variety of information security solutions has given eviCore proven results. “The professionals at LBMC Information Security are always respectful of our time and budget. Other companies in need of information security services can rest assured that LBMC Information Security’s team will do the same for you,” says Davis.