Success Stories

Our client’s success in meeting their goals is our most important objective.

Security Certification for an Insurance Payment Integrity Firm

Trillium’s client is an insurance payment integrity consulting firm.  Due to the client’s expanding customer base and Health Insurance Portability and Accountability Act (HIPAA) data concerns, specifically related to protected health information (PHI), the client wanted to obtain expanded security credentials with the Health Information Trust Alliance (HITRUST).

To obtain the HITRUST certification, the client needed to complete numerous activities in a specific time frame related to the Common Security Framework (CSF) created for organizations that create, share, store or access sensitive or regulated health data.  The client had numerous specific requirements that needed to be satisfied within a collapsed time frame.  As the deadline for completion approached, the client determined they needed assistance driving resolution of these action items. 

How We Solved It

Trillium brought rigor and organization to the issue remediation process.  These requirements were related to physical and cyber security, CSF policies and procedures, and documentary evidence that HITRUST requirements were being met by the client.  We reviewed the open items to determine the level of expertise needed to remediate them.  To that end, we brought in Subject Matter Experts (SMEs) to drive the remediation of the items, while also assisting on activities where multiple actions were required.  Trillium ensured that the issues were resolved on time so that the onsite inspection by HITRUST could be scheduled for final approval.

Results

  • Client’s technical and physical security was enhanced by meeting HITRUST requirements
  • All open issues were resolved on time by creating CSF policies and procedures, documenting PHI security, and providing documentary evidence
  • Client was able to schedule the final site visit to obtain HITRUST certification so they can attract future clients for their services

Maturing Cyber Security in a Rapidly Expanding Software Space

Trillium’s client is a software and analytics company that had a rapidly expanding client base, creating an increased risk profile for data under its control. In addition, existing customers had security concerns about data loss, creating a financial and reputational risk for the client.  Security concerns had also lengthened sales cycles for the client.  Several factors contributed to the client’s concerns about cyber security, including a lack of security tooling or data; a soft security roadmap requiring review and remediation; and existing improvements to security and analytics that were neither aligned nor prioritized within the technology landscape.

How We Solved It

Trillium reviewed and assessed the current state of the client’s cyber security processes and technology, and began a risk reduction plan.  The project baselined the client’s cyber security against industry standards, analyzed tactical risks of the current state, and identified a remediation approach to the security risks.  The risk-reduction program was aligned to the client’s product roadmap.

Results

  • Product improvements aligned with security risk-reduction initiative
  • Risk-remediation reduced risk by 20% in the first 3 months
  • Sales team closed the sale on 2 large accounts by addressing security concerns

Improving Privacy and Security at a Hospice Provider

Trillium’s client is a hospice provider that had recently completed the merger of three (3) long-term care organizations.  Through that merger, the hospice provider experienced a great deal of expansion and growth, and, thus, has undertaken a significant effort to consolidate and standardize its security and privacy processes.   

The merger of Trillium’s client from 3 organizations into a single entity presented challenges that required remediation, both from a managerial and technical perspective.  Prior to the merger, each organization had its own set of IT systems, policies, and procedures, causing staff confusion in the merged organization, resulting in selective adherence to the governance processes.   

Also, staff in the merged organization did not have an adequate understanding of regulatory gaps within the technology ecosystem, and did not have a standardized risk management approach.  Knowledge and documentation gaps in the merged organization risked the client’s ability to pass a federally mandated HIPAA audit, failure of which could result in significant fines.

How We Solved It

Trillium worked with corporate management and support teams to analyze the client’s technology landscape, including documenting the current state of technology governance, baselining the organization against industry standards, and identifying and prioritizing privacy and security gaps.

Trillium’s resulting assessment included an understanding of security and privacy needs of the organization, creating and driving a remediation roadmap, creating a common language for governance, and training the client’s team on common governance and HIPAA tracking.

Results

  • A single set of documented privacy and security policies and procedures for the merged organization, resulting in policy clarity and consist
  • Established a common Risk Management Language and Tracking Framework for HIPAA compliance
  • Passed the HIPAA security and privacy audit

Making the Most of Network and Technology at a Marketing and Financial Company

Trillium’s client is a Marketing and Financial company that offers rewards programs, merchant cash advance programs, and marketing services.  The company is experiencing growth within its partner network.  This has the potential to significantly increase the number of members that will be leveraging the company’s product and services along with the demand on its technology infrastructure. 
 
Due to growth within our client’s members and partners, there has been an increased reliance on their network in order to respond to user demands.  Recently, Trillium’s client began experiencing a number of network-related issues.  These disruptions have raised questions for our client as to whether the root cause(s) of the disruptions are people, process, or technology issues.  Additionally, the increasing demands resulting from growth have created concerns surrounding the risks the company may have with its infrastructure.  Client Management wanted to conduct an overall review and assessment of its infrastructure.  This included reviewing network architecture and infrastructure designs, as well as reviewing infrastructure operations people, process, tools and technology in order to identify potential technology risks to the organization.  This will assist our client in quantifying risks to company stability and growth over a 3-year horizon, and allow our client to make immediate decisions about their current network and systems and the organization and processes supporting their technology.

How We Solved It

Trillium first interviewed IT personnel and key stakeholders to determine a baseline for how well IT and networks were performing against expectations, as well as to help determine the technology and network needs from the organization in order to effectively support the client. Trillium reviewed extensive technology-related documentation and performed an analysis that would assist in identifying the best course of action.  Numerous recommendations were generated so that our Client would have a roadmap to its future actions, including: targeting future organizational structure; identification of key processes to be standardized across the organization; identification of prioritized factors along with their importance and our Client’s current capability levels; and prioritization of telecom initiatives.

Results

  • Network and technology stabilization path beginning by starting work on establishing IT Strategy, Rules of Engagement, and definition of Suc
  • Began to align the IT Organization to Capability Maturity Model Level 2
  • Standard metrics and reporting will help to stabilize the path forward
