Newo.ai Achieves HIPAA Compliance with Axipro

Featured Partner: Drata
Product: HIPAA
Industry: Technology, Information and Internet
Company size: 11-50 employees
Location: San Francisco, California

Newo.ai is an AI platform that enables healthcare providers—such as dental practices, clinics, and medical offices—to automate patient communication through voice, SMS, chat, and scheduling tools. As the company scaled, ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) became a critical requirement to support customers handling Protected Health Information (PHI). Newo needed to meet strict standards for data security and privacy.

Challenge

The internal team faced the following challenges:

  • Tight timelines to achieve compliance before key customer rollouts.
  • A need for a streamlined and scalable approach to security governance that wouldn’t slow down innovation.
  • A requirement that all AI-driven communication workflows involving PHI meet the HIPAA Privacy, Security, and Breach Notification Rules.

Newo.ai needed a partner who could not only guide them through HIPAA compliance but also implement a Trust Center powered by Drata to continuously manage and demonstrate compliance.

Solution

Newo.ai engaged Axipro to lead its HIPAA compliance program and implement a sustainable, scalable framework using Drata.

Axipro designed a custom compliance strategy that included:

  • HIPAA Readiness Assessment: Comprehensive gap analysis against HIPAA requirements, including administrative, physical, and technical safeguards.
  • Policy and Procedure Implementation: Drafting and rollout of HIPAA-compliant policies for access control, data retention, breach response, encryption, and workforce training.
  • Risk Assessment & Control Mapping: Formal risk assessment identifying vulnerabilities in data handling workflows. Controls were mapped to HIPAA Security Rule standards and tracked via Drata.
  • Drata Deployment & Trust Center Enablement: Axipro configured Drata for automated evidence collection, continuous monitoring, and real-time visibility into compliance posture. A public Trust Center was launched to demonstrate adherence to HIPAA standards to stakeholders.
  • Training & Operational Integration: Internal training was conducted to ensure all staff were aware of their HIPAA responsibilities. Secure engineering and privacy-by-design principles were integrated into Newo.ai’s product development lifecycle.

Throughout the engagement, Axipro acted as an extension of the Newo.ai team, providing guidance, hands-on execution, and best practices.

Result

In just a few weeks, Newo.ai:

  • Achieved formal HIPAA compliance, with all required safeguards, documentation, and assessments in place.
  • Deployed a live Trust Center via Drata, giving healthcare clients and prospects clear visibility into Newo.ai’s compliance framework.
  • Reduced compliance overhead through automation and streamlined evidence workflows.
  • Enabled secure handling of PHI across all AI communication channels, meeting contractual obligations for healthcare clients.

Today, Newo.ai offers peace of mind to healthcare providers and patients alike, with secure AI-powered communication that meets the highest standards for PHI protection.

Why Axipro’s Method Works

Axipro’s proven methodology provided structure and pace, helping Newo.ai execute under tight deadlines.

Drata’s automation platform allowed Newo.ai to shift from ad-hoc compliance to continuous assurance.

Close coordination between Axipro and Newo.ai ensured technical implementation, documentation, and training were aligned and embedded across teams.

Next Steps

With HIPAA compliance achieved, Newo.ai is now positioned to expand further into regulated healthcare markets, offering AI-powered solutions with built-in security and privacy controls.

Newo.ai announced its HIPAA compliance publicly in a LinkedIn post titled "Newo.ai is Officially HIPAA Compliant".
