Portfolio - Healthcare, 1 of 5
A Healthcare Services Company
Directive
The Healthcare System needed to meet the federally mandated HIPAA requirements. They had a security consultant on-site for 18 months. Despite collaboration efforts, the technology department was not making the progress needed.
They needed me to translate between the security consultant and the technology department and then get a Security Management Plan written with the security consultant's input.
I was contacted within 6 weeks of the federal government's due date. If the Healthcare System was not ready by the due date, hefty fines would apply, including the $25,000 per incident fine.
In addition to the fines, patients may not have used this Healthcare System if the Healthcare System was not compliant with protecting privacy of patients.
Remarks
I coordinated input from about 25 - 35 people.
The security consultant and I developed the high-level process for regular internal auditing and proactive resolution prior to an incident.
The regular internal auditing that I helped put in place successfully identified potential violations.
We also put in place a method for the customer to proactively resolve potential violations to prevent any government penalties and managerial consequences from being imposed.
After developing the high-level process, we had to work with each technical area to implement the details and document their specific processes to support the high level process.
Results
The net savings for the first year was around $600,000.
The ROI was approximately 1 month.
Their efficiency improved by about 92%.
Successful prevention of violations or fines.