Success Stories

Our client’s success in meeting their goals is our most important objective.

Security Certification for an Insurance Payment Integrity Consulting Firm

Trillium’s client is an insurance payment integrity consulting firm.  Due to the client’s expanding customer base and concerns with HIPAA data concerns, specifically related to protected health information (PHI,) the client wanted to obtain an expanded security certification with the Health Information Trust Alliance (HITRUST.)     
 
To obtain the HITRUST certification, the client needed to complete numerous activities in a specific timeframe related to the Common Security Framework (CSF) created for organizations that create, share, store or access sensitive or regulated health data.  The client created tickets in their issue management system for several hundred activities.  As the deadline for completion approached, the client determined they needed assistance with issue resolution to close out the remaining open items.

How We Solved It

Trillium to brought rigor and organization to the open item (ticket) resolution process.  Tickets were related to physical and cyber security, CSF policies and procedures, and documentary evidence that HITRUST requirements were being met by the client.  We reviewed the remaining open items (tickets) to determine the level of expertise needed to remediate the tickets, and drove the remediation of approximately half of the remaining tickets, while also assisting on activities where multiple activities were required.  Trillium ensured that the tickets were remediated on time so that the onsite inspection by HITRUST could be scheduled for final approval.

Results

  • Client’s technical and physical security was enhanced by meeting HITRUST requirements
  • A nominal number of open tickets were completed on time by creating CDF policies and procedures, documenting PHI security, and providing doc
  • Client was able to schedule the final site visit to obtain HITRUST certification so they can attract future clients for their services

Download this Success Story »

Improving HIPAA Security in a Rapidly Expanding Space

Trillium’s client is an insurance payment integrity consulting firm with a rapidly expanding client base, creating an increased risk profile for data under its control. That growth, along with customer concerns about data security, caused the client to seek outside assistance in reviewing and auditing its physical and cyber security.  Several factors contributed to the client’s concerns about security, including: a lack of security tooling or data; a soft security roadmap requiring review and remediation; existing improvements to security and analytics were neither aligned nor prioritized within the technology landscape; inconsistent HIPAA documentation; and, concerns about business continuity.

How We Solved It

Trillium reviewed and assessed the current state of the client’s security processes and technology, and drafted a risk reduction plan.  Aspects of the project included: executing a HIPAA assessment security framework; creating a security risk assessment worksheet; creating a document laying out the highest priority tasks and a security roadmap; and, benchmarking risks compared to industry averages.

Results

  • Documented remediation has the potential to substantially reduce the client’s security risks
  • Client has a path forward for consistent HIPAA documentation
  • Customers and potential customers will have greater confidence in the client’s data security and privacy

Download this Success Story »

Aligning Disaster Recovery Solutions for a Hospital Group

Aligning Disaster Recovery Solutions for a Hospital Group

Trillium’s client is a hospital group that needed assistance with the requirements and selection of a Disaster Recovery (DR) solution.  Because of significant factors relating to medical records, privacy, and security, as well as being cognizant of cost, the client wanted to ensure that they were making the correct choice DR solution.   
   
The client began its search for a DR solution by contacting vendors, and was being presented with numerous disparate and very costly solutions without first understanding the requirements.  In addition, they did not understand business risk factors to make a good choice for a DR path forward.  Other factors that need to be considered were unique emergency medical system requirements, gaps in HIPAA requirements, and technology sprawl due to uncontrolled growth.  The client needed a structured approach to its system selection.

How We Solved It

Trillium to brought rigor and organization to the DR selection process.  We used our structured system selection approach to provide clarity and alignment to the selection process.  The process included documenting the client’s current technology to align understanding within the organization; documenting business, technology, security, and product requirements including medical and HIPAA security challenges; and analyzing and scoring potential solutions to determine the best DR approach.

Results

  • A tiered solution was selected, resulting in a cost reduction of 42%
  • Technology sprawl was remediated with a 30% reduction in servers and a 25% reduction in licensing
  • Remediation of critical technology skill gaps in the organization resulted from the DR engagement

Download this Success Story »

Maturing Cyber Security in a Rapidly Expanding Software Space

Maturing Cyber Security in a Rapidly Expanding Software Space

Trillium’s client is a software and analytics company that had a rapidly expanding client base, creating an increased risk profile for data under its control. In addition, existing customers had security concerns about data loss, creating a financial and reputational risk for the client.  Security concerns have also caused lengthened sales cycles for the client.  Several factors contributed to the client’s concerns about cyber security, including a lack of security tooling or data; a soft security roadmap requiring review and remediation; and, existing improvements to security and analytics were neither aligned nor prioritized within the technology landscape.

How We Solved It

Trillium reviewed and assessed the current state of the client’s cyber security processes and technology, and begin a risk reduction plan.  The project baselined the client’s cyber security against industry standards, analyzed tactical risks of the current state, and identified a remediation approach to the security risks.  The risk-reduction program was aligned to the client’s product roadmap.

Results

  • Product improvements aligned with security risk-reduction initiative
  • Risk-remediation reduced risk by 20% in the first 3 months
  • Sales team closed the sale on 2 large accounts by addressing security concerns

Download this Success Story »