Disruptive Innovation in HIPAA HITECH Compliance

Friday, April 01, 2011

Jack Anderson

10e258c8d23d441b915c1b2333b6996a

The Master Program: A Disruptive Innovation in HIPAA HITECH Compliance

Healthcare needs disruptive innovation. HIPAA HITECH provides an opportunity to profoundly change information security and privacy by bringing millions of new participants into the picture. 

HHS estimates that 1-2 million business associates will need to be HIPAA HITECH compliant for the first time, not to mention millions of Sub-Contractors. 

The old model was an on-site consultant charging $1500 per day plus travel expense trying to force feed compliance information during an on-site visit and then hoping that they worked on compliance when the consultant was gone. 

At the other end of the continuum are companies selling policy and procedure manuals either in paper format or DVDs. This gave the client the false confidence that by putting this up on a shelf they had become compliant. 

An associate of mine related that they shipped hundreds of policy and procedure manuals wrapped in bright pink shipping materials so that they were visible to the client and then as the policies and procedures were updated sending them yellow wrapped update pages to be inserted into the manual. 

Nine times out of ten when he visited the client he would find the manual in it's original wrapper, sitting on a shelf with the yellow wrapped pages sitting neatly on top.  This is not a pleasing sight to an auditor!

The disruptive innovation begins with the notion of delivering the consultant and the manual to the client through the cloud.

The next important innovation is having the consultant, who we call a Helper, interact with the client through the cloud. They can see everything that the client is doing, offer oversight, advice, and the occasional nagging to help them get through the process. 

The client is lead through a step by step process of editing the policies, procedures, and forms to fit their business model.  All edits are sent to the Helper for approval to ensure that they are still meeting the HHS standards.  The next innovation was the Compliance Meter.

This was developed to help the client monitor their progress and to allow them to demonstrate their compliance to their business partners. Since there are no agencies with authority to certify compliance the burden of proof is on the client. 

The tools they are given include the Compliance Meter but also they can allow an outside observer to drill down into their compliance activities, see a complete history and even drill down into individual policies and procedures.

The disruptive innovation is that this can be done without a site visit, thus greatly reducing costs and providing transparency.  Naturally a site visit could still be done if necessary.

This method is much more efficient than the old on-site consulting model yet is a fraction of the cost. The average business associate can get compliant for less than $1,000, stay compliant for less than $100 per month and prove compliance for free with the Compliance Meter.

Compliance Helper and Accreditation Helper have been delivering this disruptive innovation in healthcare since 2007 with extremely positive results. 

Log on to www.compliancehelper.com for a short demonstration or contact Jack@compliancehelper.com for a complete demonstration.

 

You are also welcome to attend our FREE Webinar: HIPAA HITECH Compliance for Smarties

Date: Wednesday, April 6, 2011

Time: 8:00 AM - 9:00 AM PDT

Space is limited for this FREE Webinar - Reserve your seat now:

image

Cross-posted from Compliance Helper

Possibly Related Articles:
12688
HIPAA
Healthcare Provider
HIPAA Compliance Training HITECH Healthcare Covered Entities Business Associate
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.