Success Stories

Our client’s success in meeting their goals is our most important objective.

Security Certification for an Insurance Payment Integrity Firm

Security Certification for an Insurance Payment Integrity Firm

Trillium’s client is an insurance payment integrity consulting firm.  Due to the client’s expanding customer base and concerns with Health Insurance Portability and Accountability (HIPAA) data concerns, specifically related to protected health information (PHI,) the client wanted to obtain expanded security credentials with the Health Information Trust Alliance (HITRUST.)       

To obtain the HITRUST certification, the client needed to complete numerous activities in a specific time frame related to the Common Security Framework (CSF) created for organizations that create, share, store or access sensitive or regulated health data.  The client had numerous specific requirements that needed to be satisfied within a collapsed time frame.  As the deadline for completion approached, the client determined they needed assistance driving resolution of these action items. 

How We Solved It

Trillium to brought rigor and organization to the issue remediation process.  These requirements were related to physical and cyber security, CSF policies and procedures, and documentary evidence that HITRUST requirements were being met by the client.  We reviewed the open items to determine the level of expertise needed to remediate them.  To that end, we brought in Subject Matter Experts (SMEs) to drive the remediation of the items, while also assisting on activities where multiple actions were required.  Trillium ensured that the issues were resolved on time so that the onsite inspection by HITRUST could be scheduled for final approval.

Results

  • Client’s technical and physical security was enhanced by meeting HITRUST requirements
  • All open issues were resolved on time by creating CSF policies and procedures, documenting PHI security, and providing documentary evidence
  • Client was able to schedule the final site visit to obtain HITRUST certification so they can attract future clients for their services

Download this Success Story »

Improving HIPAA Security in a Rapidly Expanding Space

Improving HIPAA Security in a Rapidly Expanding Space

Trillium’s client is an insurance payment integrity consulting firm with a rapidly expanding client base, creating an increased risk profile for data under its control. That growth, along with customer concerns about data security, caused the client to seek outside assistance in reviewing and auditing its physical and cyber security.  Several factors contributed to the client’s concerns about security, including: a lack of security tooling or data; a soft security roadmap requiring review and remediation; existing improvements to security and analytics were neither aligned nor prioritized within the technology landscape; inconsistent HIPAA documentation; and, concerns about business continuity.

How We Solved It

Trillium reviewed and assessed the current state of the client’s security processes and technology, and drafted a risk reduction plan.  Aspects of the project included: executing a HIPAA assessment security framework; creating a security risk assessment worksheet; creating a document laying out the highest priority tasks and a security roadmap; and, benchmarking risks compared to industry averages.

Results

  • Documented remediation has the potential to substantially reduce the client’s security risks
  • Client has a path forward for consistent HIPAA documentation
  • Customers and potential customers will have greater confidence in the client’s data security and privacy

Download this Success Story »

Analyzing Technology Processes at a Fraud Prevention Association

Analyzing Technology Processes at a Fraud Prevention Association

Trillium’s client is an insurance organization dedicated to assisting in the profitability of the insurance industry.  Numerous companies and strategic partners comprise its membership.  Data received from member organizations is aggregated and used for predictive analytics to assist in the organization’s mission.  The organization has grown significantly in the last several years, potentially significantly increasing the number of members that will be leveraging the organization’s services along with the demand on its technology infrastructure.   
Our client recently did a survey of its organization and the results showed an apparent gap between the existing technical work to be performed and the available IT resources to perform them.  In addition, Management wanted to ensure that IT is well positioned to support additional growth opportunities.  Client Management was proactive and determined that an assessment was needed to understand any risks with current IT staff and infrastructure.  This would include bench-marking the staff and technology infrastructure organization against its peers, which would assist in evaluating any action to mitigate risks within IT.  The analysis will allow our client to make immediate decisions about their current systems, along with the organization and processes supporting their technology environment. 

How We Solved It

Areas to be reviewed included organizational structure, staffing, infrastructure, operating procedures, security assessments, security audits, and business continuity.  Trillium first interviewed key stakeholders to determine a baseline for how well technology was performing against the client’s expectations.  Following the interviews, Trillium used our standard methodology in order to facilitate the assessment with an Information Technology Infrastructure Library (ITIL) baseline analysis, and a System Development Lifecycle (SDLC) baseline analysis of all project phases.  In addition, Trillium weighted business risk strategy and understand probability of occurrence, as well as performing a peer organization benchmark analysis. 

Findings from the analysis indicated that the SDLC is the largest risk area, followed by IT Strategy Finally, better communication between IT and the business is needed, by formally defining and managing interactions, as well as by including IT leadership in the group of organizational department heads. 

The findings and recommendations were consolidated into a report that Trillium presented to key client executives and IT leadership to allow visibility and buy-in across client leadership.

Results

  • Began SDLC improvement by establishing standard project management process, defining metrics, and formalizing intake, tracking, and reportin
  • Began to strategically align the IT Organization with the business and pushing IT out of its comfort zone
  • Began to develop better communication vehicles by creating prioritization for projects, status reporting, and formal cadence for delivering

Download this Success Story »