SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

RYAN MEEHAN

Ryan is a Senior Manager at Schellman. He has worked in public accounting since 2007 specializing in compliance auditing, including SOC examinations, ISO certifications, and healthcare audits such as HIPAA and HITRUST. Ryan has serviced clients in a multitude of industries including business process outsourcing, financial services, information technology, and healthcare. Ryan holds certifications including the CISSP, CISA, ISO 27001 Lead Auditor, CIPP/US, CCSFP, and the Advanced SOC certification.

Blog Feature

Healthcare Assessments

By: RYAN MEEHAN
September 19th, 2023

Though considered somewhat abbreviated in comparison to HITRUST’s other certification options, the HITRUST e1 Certification still represents a potentially beneficial path, particularly for those organizations that have already established their compliance programs.

Blog Feature

Healthcare Assessments

By: RYAN MEEHAN
September 14th, 2023

Service providers—e.g., SaaS, IaaS, PaaS—are currently seeing significant growth in the healthcare vertical, where they’re classified as “business associates” to the healthcare providers, insurers, and clearinghouses that are collectively referred to as “covered entities.” (Note that subcontractors to business associates are also classified as business associates.)

Blog Feature

Healthcare Assessments

By: RYAN MEEHAN
August 30th, 2022

Ernest Hemingway once said, “the best way to find out if you can trust somebody is to trust them.”

Blog Feature

Healthcare Assessments

By: RYAN MEEHAN
July 27th, 2022

Choosing your doctor is a big decision, right? You want someone licensed, with a medical degree, that can interpret your reported symptoms and treat you accordingly to your desired result—to feel better. It’s a personal relationship, so you likely research their practice, make sure they can accommodate your conditions, and check reviews on their bedside manner. Your doctor’s job is so important to your health, vetting them like this and feeling comfortable is important. The same is true for your HITRUST external assessor.

Blog Feature

Healthcare Assessments

By: RYAN MEEHAN
May 7th, 2021

While the latest version of any product is often seen as the greatest, there is more nuance involved when trying to determine which version of the HITRUST CSF® framework to utilize for certification. Currently, users can choose from versions 9.1, 9.2, 9.3, and 9.4. With the impending release of HITRUST CSF v10p (preview) in mid-May 2021, and a full release of v10 scheduled for later in the year, it adds more questions about whether to make the jump to 10 right away, if you have to make the jump to 10, and when will you be required to make the jump to version 10; all of which we’ll tackle.

Blog Feature

SOC Examinations

By: RYAN MEEHAN
April 14th, 2016

During SOC 1 Type 2 examinations, which analyze both the design and operating effectiveness of your controls, deviations from the stated control process must be disclosed within the service auditor’s testing results, often referred to as testing “exceptions” or “deviations” as they are exceptions from the stated control activity. The identification of at least one testing exception is a common occurrence, whether it is due to an outage, failure to document a manual process, or a simple oversight. There are a few questions, however, that you can ask both your auditors and yourselves to help manage the exceptions.

{