Internal Medicine Associates of Memphis Achieves HIPAA compliance

Transcription

1 Aegify SecureGRC CUSTOMER CASE STUDY Internal Medicine Associates of Memphis Achieves HIPAA compliance Check your Security and Compliance Status the Aegify way!

2 Disclaimer Page 2 THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, AEGIFY TECHNOLOGIES INC. PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of Aegify, Inc., except as otherwise permitted by law. Except as expressly set forth in such license agreement or nondisclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of authorized personnel Aegify Inc. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. Information about and around HIPAA and HITECH continues to evolve and the information here are subject to change. This information is provided as is without warranty While every effort has been made to insure that the information presented is correct, but we cannot offer such assurances. HIPAA /HITECH rules and regulations are subject to lots of different interpretations and this is subjective. You should not rely on this information for auditing or legal purposes, but simply use it as a means to raise your awareness. We are not attorneys! Consult with your own legal counsel, auditors or advisors. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. Changes or improvements may be made to the software described in this document at any time Aegify Inc., all rights reserved. CONTENT OUTLINE Background & Challenges... 3 Key Requirements... 3 SecureGRC: a HIPAA Solution to the rescue... 3 Results of using SecureGRC... 4 Conclusions: quick deployment, easy to use, a business-saver... 4

3 Page 3 Internal Medicine Associates of Memphis Achieves HIPAA compliance Background & Challenges We had no idea where our compliance posture stood, or how much of our daily practices were already in compliance. However we did know that we were not in compliance as much as we should ve been, said Donnell, office manager for Internal Medicine Associates of Memphis, Tennessee. This is not an uncommon view among small medical practices nationwide. HIPAA data privacy laws coupled with HITECH security rules and enforcement is complex and foreign to most offices. These small businesses are not blessed by the deep pockets or internal IT resources enjoyed by larger clinics and hospitals to fund and obey HIPAA compliance standards. In most cases, outside consulting firms are hired, charging tens of thousands of dollars to ensure that hospitals receive the training and directives they need to stay in compliance. Not so for most small medical practices. Key Requirements Electronic health records (EHR) systems have certainly made management of confidential patient records easier in some respects but not necessarily more secure. The federal government is also encouraging the deployment of EHR via a program of monetary incentives that follow guidelines set out by Meaningful use practices. Offices that have not implemented EHR are not qualified to file for these incentives. The pressure is on for all medical practices regardless of size, to upgrade to EHR. The sad reality is that, like many offices our size, we are still using paper forms, said Donnell. We have paper records that are years old that can be difficult to find because nothing is online. With three full-time primary care physicians and nine employees, Internal Medicine Associates of Memphis was facing a high degree of risk and potential fines for noncompliance. SecureGRC: a HIPAA Solution to the rescue Fortunately, they turned to David Altizer, vice president of SOS Systems of Memphis, to cure their ailments with a HIPAA compliance solution and set of best practices. Immediately, SOS Systems, a Managed Compliance Provider (MCP) partner of Santa Clara, Calif.-based Aegify rolled up their sleeves and began putting into action a HIPAA strategy. Starting with an evaluation to assess needs, SOS used the native templates available in Aegify s SecureGRC SB solution to set up policies and automate procedures, thus helping to manage a decade s worth of patient records.

4 We started with nothing, and SOS thankfully provided all the documentation we needed, said Donnell. We scanned into the system hundreds of patient files. Using SecureGRC SB, we performed an assessment that instructed us how to proceed with aligning ourselves with HIPAA compliancy. We could browse and click and see where things had to be. SOS trained us on using SecureGRC SB and explained how and where we needed to be compliant. Donnell also realized that following HIPAA best practices would also lead to running her medical office more efficiently as a business. With the help of SOS Systems, Donnell could rest assure they were on the right track. We promised to do whatever it took to get compliant. The last thing we wanted was to deal with a fine, she said. Results of using SecureGRC Donnell found SecureGRC SB easy to use and deploy. The web-based system simply asks a lot of questions, like a multiple choice test. We selected the answers and then attached the appropriate document to update and prove compliance. The system gave me confidence that policies and procedures were being followed, and that patient records were being managed successfully. We enjoyed working with SOS Systems and did not consider using another service provider. They have been very helpful. This was our first working experience and we are satisfied with the results, said Donnell. Page 4 Conclusions: quick deployment, easy to use, a business-saver The SecureGRC SB solution was self-explanatory from the get-go. I figured that if I could use it, then anybody else could, too. Soon enough, I found myself conducting the assessments alone without any help, admitted Donnell. The whole process took less than two hours, and that included attaching documents, proving compliance, and completing the entire process. Wherever we needed guidance, SOS stepped in to help. Regarding HIPAA, we now have peace of mind. SOS has been a true life, or rather, business, saver. Resources: Internal Medicine Associates of Memphis (901) Walnut Grove Rd. Suite 627 Memphis, TN Aegify Cupertino, CA info@aegify.com +1 (408) Aegify Tampa Bay Business Partner APEX Healthcare IT milt@apex-hit-com apex-hit.com # # #

5 Page 5 About Aegify Inc.: Aegify < is a world-class, innovation driven, leading provider of cloud-computing based business solutions for information security and IT-GRC management. Aegify is headquartered in Santa Clara, California, and has offices in US, Asia- Pacific and Middle East. Aegify was nominated Breakthrough Technology Vendor at XChange Americas, August, 2010, and selected by SiliconIndia among the Top 10 Security Companies to Watch. The flagship product SecureGRC application was voted runner-up in the Managed Services Category at Xchange Tech Innovators, Nov To learn more about SecureGRC and SecureGRC SB versions from Aegify and how it can help you protect your healthcarerelated organization, visit call us at +1-(408) , or at mailto:sales@aegify.com.