Serving as a Trusted Advisor for a Long-Term Care Facility


The Company's policies and procedures for mitigating risk and adhering to the HIPAA security standard are not up to date, pointing to a larger issue with internal controls and processes throughout the organization.


Assess the environment in accordance with the HIPAA security standard and assist with identification and documentation of any gaps. Help manage the implementation of both operational and IT controls to adhere to the HIPAA standard, as well as mitigate identified risks within the overall environment.


The Client is a respected long-term care facility within its community. The CFO knew that their HIPAA practices needed attention and remediation and asked that we assess the current environment. As a result of our assessment, we identified a multitude of areas that needed attention, including policies and procedures, IT governance, management and support. As is often the case with this work, the original problem was actually the symptom of larger issues within the organization. At the time, the Client was conducting business using largely manual processes with little reliance on systems and technology, particularly from a documentation retention perspective. We assisted with a prioritization roadmap of what to tackle first, given the risk factors of the gaps we identified.

As a result of our recommendations, they decided to implement a system to automate documentation and nursing practices. This introduced a second layer of risk mitigation needed from a technology control perspective. Our team once again assessed the environment with an internal management team to determine which areas needed attention. We developed a model to work through all required policies, procedures and controls to secure the Facility according to the HIPAA standard.

As our relationship continues to progress, the CFO calls on our team as a trusted advisor. In addition to the HIPAA work, we have assisted and continue to work with the Client on various projects including:

  • Issue identification/Discovery/Resolution
  • Point-of-sale system selection and implementation
  • Physical security system selection (facility premises)
  • Telephone solution management
  • Technology personnel hiring
  • Oversight of procedural implementation
  • Vendor management

The Client is currently operating with operational and IT HIPAA policies and procedures in place and is moving on to training its employees on the newly adopted controls.

Disclaimer of Liability: This publication is intended to provide general information to our clients and friends. It does not constitute accounting, tax, investment, or legal advice; nor is it intended to convey a thorough treatment of the subject matter.
