HITRUST CSF Certified
Ursa Studio has achieved HITRUST CSF® Certified status, demonstrating that it has met key regulatory requirements and industry-defined requirements and is appropriately managing risk. This achievement places Ursa Health in an elite group of organizations worldwide that have earned this certification.
By including federal and state regulations, standards, and frameworks, and by incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
SOC 2 Evaluated
Ursa Health has successfully completed the System and Organization Controls (SOC) 2 audit process. The SOC 2® Type II examination is conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA). Type II evaluation tests the design and operating effectiveness over time of key internal controls, such as security, availability, processing integrity, confidentiality, and privacy.
Minimal data movement
Multi-level user controls
Ursa Studio supports two-factor authentication and can delegate authentication to AD or SAML. The platform can also handle authentication natively with its HITRUST-compliant password management system.
You can set access permissions by group or user, as well as restrict data access anywhere from the report level to the row level, making it easier to control who sees what information.
Monitoring and alerting tools are a critical component of Ursa Studio. In addition, the platform maintains a full audit trail of changes to Measures and Data Objects, with one-click recovery of any previous state.
Varied role types
- Grant different privileges based on role type
- Set up and enforce roles within Ursa Studio, or integrate with your enterprise credentialing system (e.g., AD, SAML)
Healthcare-specific visibility settings
- Learning and the motivation to improve require that users understand performance across similar groups (e.g., hospitals or physicians) while balancing the need to protect PHI.
- Ursa Studio automates this balance by sharing global results, with the case-level review limited based on whether the individual was actually involved in the case.