Enterprise Privacy and Infosec (HIPAA-HITECH)

Sunday, January 16, 2011

Jack Anderson


The team at Compliance Helper has been delivering compliance consulting services over the Internet for nearly ten years. 

Our privacy and information security expert, Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI, has several decades of experience delivering privacy and information security consulting services.

The experience that only comes from having real clients of all shapes and sizes has molded our thinking about how to deliver these services.  Cloud computing is a necessary element to enable managing multiple remote sites from a central location. 

A task-based methodology is key to providing a step-by-step process that ensures a complete and comprehensive program is established. Metrics for measuring performance allow both internal monitoring of progress and the ability to demonstrate compliance levels to business partners.

Most importantly, providing a human Helper who is a privacy and security expert assigned to each account provides the oversight, advice, encouragement, and occasional nagging required to get people through this process. 

The Helper is able to monitor hundreds of users remotely, which leverages their privacy and information security knowledge efficiently. A small team can manage a large enterprise easily.

Let's look at a common scenario: a group of hospitals with a number of physician practices, labs, pharmacies, clinics, and other ancillary units. They have developed standardized policies, procedures, and forms (PP&F), but also recognize that different units have different business models that must be accommodated.

From a central location they set up the Master Program and load their content. They then set up an account for each unit, which delivers the content and a step-by-step process for the unit to review and edit this content.

The Helper has oversight to provide advice and also has approval power. If edits are acceptable, they are approved and become part of the policies, procedures, and forms used by that unit.

As changes are made to the standard PP&F, they are pushed out to all units to go through the same review, edit, and approval cycle. Their progress is measured and delivered to a dashboard that allows the Helper to quickly view all of the units they are managing.

In addition, a Compliance Meter is available to be posted on each unit's website or delivered to their business partners. The meter shows their current level of compliance at all times.

The Master Program has also been used by IT companies providing services to healthcare organizations. It can be delivered either under the Compliance Helper brand or private-labeled. This allows the IT service company to provide a new, much-needed service to new and existing clients.

Cross-posted from Compliance Helper
