Success Stories

Our client’s success in meeting their goals is our most important objective.

Security Certification for an Insurance Payment Integrity Firm

Security Certification for an Insurance Payment Integrity Firm

Trillium’s client is an insurance payment integrity consulting firm.  Due to the client’s expanding customer base and concerns with Health Insurance Portability and Accountability (HIPAA) data concerns, specifically related to protected health information (PHI,) the client wanted to obtain expanded security credentials with the Health Information Trust Alliance (HITRUST.)       

To obtain the HITRUST certification, the client needed to complete numerous activities in a specific time frame related to the Common Security Framework (CSF) created for organizations that create, share, store or access sensitive or regulated health data.  The client had numerous specific requirements that needed to be satisfied within a collapsed time frame.  As the deadline for completion approached, the client determined they needed assistance driving resolution of these action items. 

How We Solved It

Trillium to brought rigor and organization to the issue remediation process.  These requirements were related to physical and cyber security, CSF policies and procedures, and documentary evidence that HITRUST requirements were being met by the client.  We reviewed the open items to determine the level of expertise needed to remediate them.  To that end, we brought in Subject Matter Experts (SMEs) to drive the remediation of the items, while also assisting on activities where multiple actions were required.  Trillium ensured that the issues were resolved on time so that the onsite inspection by HITRUST could be scheduled for final approval.

Results

  • Client’s technical and physical security was enhanced by meeting HITRUST requirements
  • All open issues were resolved on time by creating CSF policies and procedures, documenting PHI security, and providing documentary evidence
  • Client was able to schedule the final site visit to obtain HITRUST certification so they can attract future clients for their services

Download this Success Story »

Improving HIPAA Security in a Rapidly Expanding Space

Improving HIPAA Security in a Rapidly Expanding Space

Trillium’s client is an insurance payment integrity consulting firm with a rapidly expanding client base, creating an increased risk profile for data under its control. That growth, along with customer concerns about data security, caused the client to seek outside assistance in reviewing and auditing its physical and cyber security.  Several factors contributed to the client’s concerns about security, including: a lack of security tooling or data; a soft security roadmap requiring review and remediation; existing improvements to security and analytics were neither aligned nor prioritized within the technology landscape; inconsistent HIPAA documentation; and, concerns about business continuity.

How We Solved It

Trillium reviewed and assessed the current state of the client’s security processes and technology, and drafted a risk reduction plan.  Aspects of the project included: executing a HIPAA assessment security framework; creating a security risk assessment worksheet; creating a document laying out the highest priority tasks and a security roadmap; and, benchmarking risks compared to industry averages.

Results

  • Documented remediation has the potential to substantially reduce the client’s security risks
  • Client has a path forward for consistent HIPAA documentation
  • Customers and potential customers will have greater confidence in the client’s data security and privacy

Download this Success Story »

Aligning Disaster Recovery Solutions for a Hospital Group

Aligning Disaster Recovery Solutions for a Hospital Group

Trillium’s client is a hospital group that needed assistance with the requirements and selection of a Disaster Recovery (DR) solution.  Because of significant factors relating to medical records, privacy, and security, as well as being cognizant of cost, the client wanted to ensure that they were making the correct choice DR solution.   
   
The client began its search for a DR solution by contacting vendors, and was being presented with numerous disparate and very costly solutions without first understanding the requirements.  In addition, they did not understand business risk factors to make a good choice for a DR path forward.  Other factors that need to be considered were unique emergency medical system requirements, gaps in HIPAA requirements, and technology sprawl due to uncontrolled growth.  The client needed a structured approach to its system selection.

How We Solved It

Trillium to brought rigor and organization to the DR selection process.  We used our structured system selection approach to provide clarity and alignment to the selection process.  The process included documenting the client’s current technology to align understanding within the organization; documenting business, technology, security, and product requirements including medical and HIPAA security challenges; and analyzing and scoring potential solutions to determine the best DR approach.

Results

  • A tiered solution was selected, resulting in a cost reduction of 42%
  • Technology sprawl was remediated with a 30% reduction in servers and a 25% reduction in licensing
  • Remediation of critical technology skill gaps in the organization resulted from the DR engagement

Download this Success Story »

Maturing Cyber Security in a Rapidly Expanding Software Space

Maturing Cyber Security in a Rapidly Expanding Software Space

Trillium’s client is a software and analytics company that had a rapidly expanding client base, creating an increased risk profile for data under its control. In addition, existing customers had security concerns about data loss, creating a financial and reputational risk for the client.  Security concerns have also caused lengthened sales cycles for the client.  Several factors contributed to the client’s concerns about cyber security, including a lack of security tooling or data; a soft security roadmap requiring review and remediation; and, existing improvements to security and analytics were neither aligned nor prioritized within the technology landscape.

How We Solved It

Trillium reviewed and assessed the current state of the client’s cyber security processes and technology, and begin a risk reduction plan.  The project baselined the client’s cyber security against industry standards, analyzed tactical risks of the current state, and identified a remediation approach to the security risks.  The risk-reduction program was aligned to the client’s product roadmap.

Results

  • Product improvements aligned with security risk-reduction initiative
  • Risk-remediation reduced risk by 20% in the first 3 months
  • Sales team closed the sale on 2 large accounts by addressing security concerns

Download this Success Story »