Trillium’s client is an insurance payment integrity consulting firm. Due to the client’s expanding customer base and concerns with Health Insurance Portability and Accountability (HIPAA) data concerns, specifically related to protected health information (PHI,) the client wanted to obtain expanded security credentials with the Health Information Trust Alliance (HITRUST.)
To obtain the HITRUST certification, the client needed to complete numerous activities in a specific time frame related to the Common Security Framework (CSF) created for organizations that create, share, store or access sensitive or regulated health data. The client had numerous specific requirements that needed to be satisfied within a collapsed time frame. As the deadline for completion approached, the client determined they needed assistance driving resolution of these action items.
How We Solved It
Trillium to brought rigor and organization to the issue remediation process. These requirements were related to physical and cyber security, CSF policies and procedures, and documentary evidence that HITRUST requirements were being met by the client. We reviewed the open items to determine the level of expertise needed to remediate them. To that end, we brought in Subject Matter Experts (SMEs) to drive the remediation of the items, while also assisting on activities where multiple actions were required. Trillium ensured that the issues were resolved on time so that the onsite inspection by HITRUST could be scheduled for final approval.
- Client’s technical and physical security was enhanced by meeting HITRUST requirements
- All open issues were resolved on time by creating CSF policies and procedures, documenting PHI security, and providing documentary evidence
- Client was able to schedule the final site visit to obtain HITRUST certification so they can attract future clients for their services