Business Challenge
Along with all health insurers, this company was facing a tremendous task in preparing its systems to support compliance with the patient/customer privacy requirements established by HIPAA (the Health Insurance Portability and Accountability Act). HIPAA’s rules cover not only electronic security, but also policies and measures to ensure that all employees understand what they need to do to protect their systems and every patient/customer’s privacy.
The company had already hired a “Big 4” firm to perform a security assessment. The assessment, however, had produced a 500-page document of recommendations. The company recognized that these would need to be reviewed and prioritized before it could begin to address them, and it was feeling a bit overwhelmed.
Solution
After reviewing the report, Forsythe prioritized the recommendations and then implemented the most critical and immediate items. Then Forsythe worked with the organization to develop a formal information security program and an organizational structure to support and manage the program moving forward. This included examining the company’s information security policies, highlighting those items required foremost to meet compliance with the regulatory bodies, and determining the resources necessary to implement them.
Results
The project is ongoing, but the company quickly obtained a clear understanding of how its organization must be structured to satisfy the information security requirements mandated by HIPAA, as well as other regulations that impact its business. Equally important, rather than simply reacting to a long list of issues, the company is now building a program to proactively address them in a manageable fashion. They will be able to check their information security practices against meaningful measures to ensure ongoing success. And they will be compliant, which is crucial. Otherwise, it is easy for an organization to find itself reverting to a reactive mode just a year or two down the road.