Trillium’s client is a hospice provider that had recently completed the merger of three (3) long-term care organizations. Through that merger, the hospice provider experienced a great deal of expansion and growth and has therefore undertaken a significant effort to consolidate and standardize its security and privacy processes.
The merger of Trillium’s client from 3 organizations into a single entity presented challenges that required remediation from both a managerial and a technical perspective. Prior to the merger, each organization had its own set of IT systems, policies, and procedures. This caused confusion among staff in the merged organization and resulted in selective adherence to the governance processes.
Also, staff in the merged organization did not have an adequate understanding of regulatory gaps within the technology ecosystem and did not have a standardized risk management approach. Knowledge and documentation gaps in the merged organization put at risk the client’s ability to pass a federally mandated HIPAA audit; failing that audit could result in significant fines.
How We Solved It
Trillium worked with corporate management and support teams to analyze the client’s technology landscape, including documenting the current state of technology governance, baselining the organization against industry standards, and identifying and prioritizing privacy and security gaps.
Trillium’s resulting assessment included building an understanding of the security and privacy needs of the organization, creating and driving a remediation roadmap, creating a common language for governance, and training the client’s team on common governance and HIPAA tracking.
- A single set of documented privacy and security policies and procedures for the merged organization, resulting in policy clarity and consist
- Established a common Risk Management Language and Tracking Framework for HIPAA compliance
- Passed the HIPAA security and privacy audit