Case Study - HIPAA

 
Industry
Healthcare

Client Service Offering
The client stores medical claim data, which it summarizes and warehouses so that insurance companies can perform analytical procedures on particular insurance plans. The client accepts the claim data and then allows its customers to run financial reports to determine the return on a particular insurance plan.

Client Need
The client needs to provide independent verification of its security surrounding protected health information to its current and future customers. Current customers wanted the client to provide a SAS 70 audit to demonstrate its compliance with security parameters. However, because the client's services do not affect the customer’s financial reporting, a SAS 70 audit was not applicable.

Solution
A-lign determined that a HIPAA Compliance Review would be appropriate for the client. A-lign performed a walkthrough of the process to determine the risk of a Private Healthcare Information (PHI) breach in the process. A-lign separated these risks into Administrative, Technical, and Physical categories. A-lign identified the controls that should be in place to protect the PHI and performed a gap assessment of the controls in place versus those that should be in place. A-lign provided recommendations to the client for gap remediation. Our subsequent onsite visit allowed A-lign to test the controls and determine that they were in place to protect PHI. We generated a report on the client’s compliance with their controls to achieve HIPAA compliance. The consulting report was shared with the insurance plan customers to demonstrate the company’s compliance with their controls surrounding PHI.