Portfolio - Companies with Annual Revenues Greater
than $100M, 9 of 17
A Healthcare Services Company
Directive
The Healthcare System needed to meet the federally mandated HIPAA
requirements. They had a security consultant on-site for 18 months.
Despite collaboration efforts, the technology department was not making the
progress needed.
They needed me to translate between the security consultant and the
technology department and then get a Security Management Plan written with
the security consultant's input.
I was contacted within 6 weeks of the federal government's due date. If the
Healthcare System was not ready by the due date, hefty fines would apply,
including the $25,000 per incident fine.
In addition to the fines, patients might not have used this Healthcare System
if it was not compliant with protecting the privacy of
patients.
Remarks
I coordinated input from about 25 to 35 people.
The security consultant and I developed the high-level process for regular
internal auditing and proactive resolution prior to an incident.
The regular internal auditing that I helped put in place successfully
identified potential violations.
We also put in place a method for the customer to proactively resolve
potential violations to prevent any government penalties and managerial
consequences from being imposed.
After developing the high-level process, we had to work with each technical
area to implement the details and document their specific processes to
support the high-level process.
Results
The net savings for the first year was around $600,000.
The ROI was approximately 1 month.
Their efficiency improved by about 92%.
Successful prevention of violations or fines.