Customer Success Story. Central Logic. Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance.

Size: px

Start display at page:

Download "Customer Success Story. Central Logic. Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance."

Brook Blanche French
8 years ago
Views:

1 Customer Success Story Central Logic Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance.

2 Page 2 of 6 Central Logic Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance. Table of Contents Page 2 Overview Page 3 The Challenge Page 3 The Solution Page 4 The Results Overview More than eight years ago, Central Logic began providing automated hospital transfer center solutions and on-call scheduling software that covers the entire patient flow continuum. Today, 430 hospitals rely on Central Logic Transfer Software to transfer patients from hospitals to specialists such as cardiologists, track patients as they move among care providers, and manage staffing and bed capacity. Central Logic Transfer Software has consistently added millions of dollars to hospital margins by helping them manage available beds, reduce wait times, and increase provider and patient satisfaction. As a vital step toward full HIPAA compliance, As a vital step toward full HIPAA compliance, as well as further enhancing PHI security, Central Logic began hosting its Transfer Software through ClearDATA s HIPAA compliant, cloud-based infrastructure. Half of Central Logic s customers implement their solutions using on-site servers, the other half host them through ClearDATA s HIPAA-compliant, cloud-based infrastructure. Central Logic also teaches hospital leaders how to drive process and organizational changes to enhance efficiency, because optimizing patient flow requires matching each hospital s or hospital system s unique processes, systems, personnel, and patient profiles and then developing a custom plan to match the situation.

solutions and on-call scheduling software that covers the entire patient flow continuum.

3 Page 3 of 6 The Challenge As a company responsible for patient flow and information transfer, Central Logic recognizes the need to safeguard protected health information (PHI), regardless of where the data resides, and ensure that information is not compromised while in transit from one healthcare facility to another. For Central Logic and other healthcare software solution providers, security audits are no longer optional. A security program is now required by state and federal laws to establish mechanisms and processes that enable them to assess HIPAA policy compliance and adhere to specific PHI data controls. To accomplish the task, they must implement security risk assessments (SRAs) on a routine basis and establish technology, processes, and training to mitigate the high-stakes risks of compromising PHI. Until recently, Central Logic did not have a state-of-the-art security plan and processes in place. We spent the first couple of years in business without understanding our full risk profile for compromising PHI, says Kris Lundell, chief security and information privacy officer for Central Logic. We had to determine where PHI resided, where and when it moved, learn more about the consequences of data breaches, establish a current benchmark, and learn what was needed to lead our industry in terms of privacy and security. The Solution Central Logic chose ClearDATA for conducting SRAs based on several factors: a dedicated focus on healthcare, an expert team, and Health Information Trust Alliance (HITRUST) certification - the most important criterion for Central Logic.

For Central Logic and other healthcare software solution providers, security audits are no longer optional.

4 Page 4 of 6 ClearDATA s Common Security Framework Certified status from HITRUST meant a lot to us, says Lundell. This independent, third-party certification assured us that ClearDATA met the highest standards for managing security risks and protecting health information. Central Logic had several obstacles to overcome in conducting a comprehensive SRA, including fast timelines for becoming HIPAAcompliant, the need to cover multiple locations, and investigate customers disparate systems in cases when client data stored in Central Logic Transfer Software is located on on-site servers. ClearDATA helped Central Logic meet its goals. We found a vendor with equal or more exacting standards and criteria than we had, says Lundell. Through its infrastructure and expertise, ClearDATA helped us unload some of the risks we face in securing PHI. The Results Central Logic conducted an initial SRA with ClearDATA and plans to engage with the company every other year for a follow-up assessment. ClearDATA identified 35 key areas of focus, and prioritized them for us, helping us tackle critical, medium, and lower requirements in the right order, says Lundell. The results were comprehensive, and ClearDATA was just a phone call away if a recommendation didn t make complete sense. They were open to giving us scenarios of what other organizations are doing and what it would take us to come up to or exceed industry standards. The initial SRA produced several key findings. ClearDATA presented recommendations and remediation plans step-by-step so that the Central Logic leadership team understood what had to be done. Although Central Logic had data in transit covered per the HIPAA rules, the company had a lot of work to do to secure data at rest. This meant re-architecting the company s network and adding secure VLANs to better protect sensitive data.

Central Logic had several obstacles to overcome in conducting a comprehensive SRA, including fast timelines for becoming HIPAAcompliant, the need to cover multiple locations, and investigate

5 Page 5 of 6 Next, based on ClearDATA s findings, Central Logic conducted extensive employee training, and implemented robust desktop policies and procedures for encryption, something that had not existed at the company prior to ClearDATA s evaluation. As a Chief Security and Information Privacy Officer, Lundell already had extensive training in privacy and security, but through ClearDATA s expertise, he was able to avail himself of more hands-on best practices. I learned from ClearDATA that it s risky to trust what you think you know, even if you ve been in security and privacy for years, Lundell says. There s a difference between book knowledge and real-world implementation. ClearDATA helped me understand that. They also have enabled us to secure PHI within the boundaries of our available budgets and resources. The transformation has been dramatic for Central Logic, giving the company confidence that even if a data breach did occur, the consequences would be far less dire than they would have been before ClearDATA came into the picture. Enhancing PHI security is also good for Central Logic s bottom line. Being fully HIPAA-compliant helps us get business, Lundell says. Three years ago, clients didn t ask about security and compliance. Today, there has been a 100 percent change, and all of our clients and potential customers ask us as a Business Associate if we conduct security audits and are fully HIPAAcompliant right up front. When we show them our established, proven security measures, we immediately jump to the top of the list for new or ongoing business consideration.

As a Chief Security and Information Privacy Officer, Lundell already had extensive training in privacy and security, but through ClearDATA s expertise, he was able to avail himself of more hands-on

6 About Us ClearDATA is the nation s fastest growing healthcare cloud computing company. More than 310,000 healthcare professionals rely on ClearDATA s HIPAA compliant cloud computing HealthDATA platform and infrastructure to store, manage, protect and share their patient data and critical applications. For more information 1600 W. Broadway Road, Tempe AZ (800)

HealthDATA platform and infrastructure to store, manage, protect and share their patient data

Customer Success Story. MindLinc. Behavioral Health EMR Moves to the Cloud

Customer Success Story. MindLinc. Behavioral Health EMR Moves to the Cloud Customer Success Story MindLinc Behavioral Health EMR Moves to the Cloud Page 2 of 5 Behavioral Health EMR Moves to the Cloud Table of Contents Page 2 Overview Page 2 The Challenge Page 3 The Solution