Serving as a Trusted Advisor for a Long-Term Care Facility

Challenge: The Company's policies and procedures for mitigating risks and adhering to the HIPAA security standard are not up to date, pointing to a larger issue with internal controls and processes throughout the organization.

Solution: Assess the environment in accordance with the HIPAA security standard and assist with identification and documentation of any gaps. Help manage the implementation of both operational and IT controls to adhere to the HIPAA standard, as well as mitigate identified risks within the overall environment.


The Client is a respected long-term care facility within its community. The CFO knew that their HIPAA practices needed attention/remediation and asked that we assess the current environment. As a result of our assessment, we identified a multitude of areas that needed attention, including policies and procedures, IT governance, management and support. As is often the case with this work, the original problem was actually the symptom of larger issues within the organization. At the time, the Client was conducting business using largely manual processes with little reliance on systems and technology, particularly from a documentation retention perspective. We assisted with a prioritization roadmap of what to tackle first given the risk factors of the gaps we identified.

As a result of our recommendations, they decided to implement a system to automate documentation and nursing practices. This introduced a second layer of required risk mitigation from a technology control perspective. Our team once again assessed the environment with an internal management team to determine which areas needed attention. We developed a model to work through all required policies, procedures and controls to secure the Facility according to the HIPAA standard.

As our relationship continues to progress, the CFO calls on our team as a trusted advisor. In addition to the HIPAA work, we have assisted and continue to work with the Client on various projects including:

  • Issue identification/discovery/resolution
  • Point-of-sale system selection and implementation
  • Physical security system selection (facility premises)
  • Telephone solution management
  • Technology personnel hiring
  • Oversight of procedural implementation
  • Vendor management

The Client is currently operating with operational and IT HIPAA policies and procedures in place and is moving on to training its employees on the newly adopted controls.

Lead Contacts

Patrick Morin


Pat began at Baker Newman Noyes in 1995 when the firm was founded, having previously been with one of our predecessor organizations since 1988. Pat is a principal of the firm and the director of the risk and business advisory practice.

Ilona Davis


Ilona has more than twelve years of experience leading and coordinating the daily efforts for audit and consulting projects across numerous industries. She has provided a wide range of advisory services, including regulatory compliance and controls, IT and business risk management, service organization examinations including SOC examinations, IT strategy, system selection, IT security, IT audit, and business process improvement.