Case Studies

The HIPAA Analytics team has served a broad range of healthcare organizations and their vendors. Selected projects include:

Assignment: Engaged by board of directors to conduct enterprise wide HIPAA privacy and security audit, to assess progress towards HIPAA compliance, comparing the state of corporate operations and over 100+ field operations, activities, practices, policies and procedures with the privacy and security standards. Identified and analyzed top-level privacy and security standards gap issues and challenges, going forward. Provided recommendations and high-level work plan for remediation activities to manage regulatory and business practice compliance to board.

Assignment: Retained to assist senior management in compliance gap assessment as a part of outsourcing IT department to healthcare data center. Conducted high level privacy and security audit, interviewed IT and business staff, created metrics for use in management decision making and made final report to board of directors.

Company sought independent third-party HIPAA audit to demonstrate to healthcare clients, such as hospitals, imaging centers, radiology groups, and ambulatory clinics, that the internal HIPAA controls within the company are in place and are suitably designed to ensure compliance; the company’s control policies and procedures have been evaluated, reviewed and passed by an independent third party and clients, prospects, vendors, partners and business associates gain confidence that moving forward with and doing business with company is safe, and that confidence extends to their customers and patients as well.

Conducted HIPAA privacy and security audit examining all aspects of business and technical process, conducted gap assessment, developed remediation plan, updated policies and procedures, instituted training and awareness program. Issued a favorable report indicating internal privacy and security controls were in place to provide reasonable assurance the company has complied with HIPAA standards.

Assignment: Midwest Community Service Organization, offering broad employment, educational and medical services statewide, via 10,000 volunteers and 1,000 employees. Retained to examine state of HIPAA compliance throughout organization and provide remediation, compliance support and education and awareness programs as needed. Developed project plan and conducted privacy & security audit, analyzing all aspects of organization and field locations. Conducted interviews across management, staff and volunteers to determine gaps in compliance, created remediation plan, counseled management in business specific issues surrounding privacy and security compliance. Worked directly with compliance officer to implement state privacy requirements. Successfully upgraded organization state of compliance, privacy and security awareness and compliance culture.

Assignment: Large Midwest Clinic with multiple metropolitan locations. Retained to assist senior management in a compliance gap assessment as a part of an evaluation to outsource IT department to a healthcare data center. Conducted high level HIPAA privacy and security audit, interviewed IT and business staff, created metrics for use in management decision process and made final report to board. Project successfully assisted in the compliance migration and IT systems to healthcare data center.