The Fast Track to HIPAA Compliance and Productivity

A regional U.S. healthcare system sought to eliminate its reliance on time-consuming, disparate and complex spreadsheets for managing HIPAA compliance.

The organization partnered with NTT DATA and its healthcare consulting experts to innovate and automate HIPAA security risk assessments, reporting and remediation.


Business Needs

Since 1996, the Healthcare Insurance Portability and Accountability Act (HIPAA) has required United States healthcare providers to protect sensitive patient health information. Providers need to allow for the flow of health information in delivering quality care while also correctly securing that data.

One such provider, a regional healthcare system based in the United States, recognizes the value of protecting sensitive health information for its 1.5 million patients. However, doing so across its acute care and specialty hospitals and hundreds of ambulatory sites is no small task.

Acknowledging that its manual approach to HIPAA risk assessments was time-consuming, complex and outdated, the organization turned to NTT DATA for an automated solution. That solution, coupled with the support of NTT DATA Healthcare Consulting Services, gives the healthcare system the power to accurately, quickly and cost-effectively assess and manage HIPAA compliance.

Outcomes

  • 100% of locations assessed in the security posture
  • 6 weeks: the new time required for a risk assessment process
  • Resource strain was minimized to allow for more high-value activities
  • Proactive risk management improved with an efficient and timely remediation plan
  • Reporting to regulatory agencies was simplified

Solution

Simplify compliance with automation

A security risk assessment (SRA) reveals risks and vulnerabilities that can lead to a data breach that compromises health information. Proactively ensuring HIPAA compliance requires that multiple business units within health systems complete and review their SRA annually.

Completing an SRA is complex, especially if the required information is decentralized and managed manually. With renewed compliance policies, procedures and an automated solution, health systems can eliminate the task of working manually in spreadsheets and accelerate the annual evidence-gathering process.

To that end, this healthcare system partnered with NTT DATA to deploy an automated SRA solution designed explicitly for healthcare organizations.

The HIPAA SRA platform is a cloud-based Software as a Service (SaaS) designed for cost-effective deployment and management. The platform offers risk rating calculations and remediation tracking in a digital, user-friendly interface that simplifies fulfilling an organization’s obligations to health information security and privacy. Implementing a HIPAA SRA platform can revolutionize an organization’s relationship with compliance.

Scrap the spreadsheets

With the automated HIPAA SRA solution, this healthcare system removes the risks and effort associated with managing data in disparate spreadsheets across the organization. The solution streamlines intake with a step-by-step, guided interface prompting users for relevant compliance data.

The platform stores each year’s data and remediation plans so that both are easily accessible year-over-year. That allows the organization to build on the previous year’s SRA, only needing to address changes in its organizational structure and compliance regulations. The SRA platform also greatly simplifies monitoring those regulatory changes: it continuously provides updates made to HIPAA, eliminating the need to track those changes manually.

By automating the process, the healthcare organization is now much more efficient. For example, automation has cut the time spent preparing compliance assessments from two months to two weeks.

Trust in high-touch talent

As it looked to modernize its HIPAA compliance process, the organization knew it needed more than a software solution. It also required the high-touch services and subject matter expertise offered by healthcare consultants. With NTT DATA’s Consulting Services, the organization fully transformed its process, bringing the security, efficiency and assurance the health system needed.

The healthcare system worked with NTT DATA’s consulting team to fast-track its journey to compliance automation. NTT DATA provided it with a dedicated healthcare subject matter expert to guide it through the HIPAA SRA platform and improve the quality of the assessment.

Before adopting the SRA solution, the healthcare organization’s assessments had sampled data and policies from just 10% of its care delivery sites. While adequate, that sample size could expose it to unknown compliance risks. However, with guidance from NTT DATA consultants, the organization rolled 100 percent of its locations into the automated platform, thereby substantially mitigating its compliance risk.

The organization’s engagement with NTT DATA goes beyond guidance for data input to the HIPAA SRA platform. Together, they review the assessment results and design ongoing risk remediation plans. With the automation built into the SRA platform, they can rapidly create validated compliance reports customized to the needs of each regulatory agency.

Transformed Security Risk Assessments

The healthcare system now has the automated tools and processes it needed to transform its HIPAA compliance approach. Risk assessments that were based on manual data entry into spreadsheets distributed throughout the organization are now fully automated. The organization can proactively assess risk across all its sites, develop remediation plans, simplify reporting to auditors and thereby improve its overall security posture while ensuring continuous protection of patient data.

About This Case Study

A regional U.S. healthcare system worked with NTT DATA to innovate and automate HIPAA security risk assessments, reporting and remediation.

Industry

Healthcare

Headquarters

United States
