Health care providers and businesses across Mississippi and the nation now have a new option when choosing a Health Insurance Portability and Accountability Act (HIPAA) compliance service firm.
Technology Solutions Group (TSG) has formed in Jackson, offering compliance services to meet the security policy standards set forth by HIPAA. TSG, headquartered at 236 East Capitol Street, conducted a soft opening last fall and officially opened for business in March.
The new company, which employs a staff of 11, enters a competitive industry armed with an array of state-of-the-art tools and nearly 90 years of combined experience, but the strategy is simple — provide a personal touch to its services.
“It is our mission to serve clients with specialized solutions that will enhance daily work procedures and overall company performance,” said Joey F. Garner, TSG executive vice president and former Mississippi Business Journal Business Woman of the Year. “We accomplish this ever-growing endeavor by offering enterprise assessments and recommendations for compliance, risk assessment, IP networking and other technological advancements.”
Mark Chmielewski, TSG’s compliance consultant, said, “There are many (HIPAA compliance) options out there — you can even buy service online. But, can you figure the findings report out? Can you apply it?”
Chmielewski pointed out that the price for noncompliance is steep. Just last month, New York and Presbyterian Hospital and Columbia University, which are not TSG clients, settled HIPAA noncompliance charges for a reported $4.8 million, the largest such settlement to date. In that case, a physician, in an attempt to deactivate a personally owned server, left thousands of patients’ electronic protected health information (ePHI) accessible via Internet search engines. In addition, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) found that neither entity had conducted a proper risk analysis, had a risk management plan in place or had proper policies and procedures to safeguard information.
Alan Callison, TSG’s compliance supervisor, said the case illustrates the challenges of staying compliant with HIPAA’s security requirements. Some entities might have no risk analysis or policies and procedures while others might just need a review to assess their vulnerability to noncompliance.
“You can’t use a cookie-cutter approach,” Callison added.
While TSG treats every client differently, it does have a standard operating procedure in place. It begins with a free baseline evaluation, which is a preliminary assessment. Following OCR’s recommendations, TSG personnel then conduct a risk analysis, which consists of two parts — an in-depth on-site review and a vulnerability scan. The analysis is then pulled together into a findings report emphasizing areas of concern from both a policy and procedure standpoint and a technical standpoint.
At this point the process moves to the remediation phase. TSG works with clients to develop the policies that they need to be HIPAA compliant under the Security Rule. TSG also offers training, both on-site and web-based, to assist each company in keeping their current and future staff well-versed in the HIPAA Security Rule and the policies and procedures that their company has established.
From a technical standpoint, TSG is prepared to help its clients bring any IT deficiencies up to the proper levels. An example would be having proper off-site backup of ePHI, such as a co-location storage facility. It also offers network penetration testing of computer systems.
Other services include social engineering testing, in which TSG checks that a company’s staff is doing as they were trained to do.
TSG, which was in the planning stage for nearly a year before it opened, has a written goal that states “…if any business is selected for an OCR audit that they would have a completed risk analysis, appropriate policies and proper training…”
Garner said, “We understand the importance of keeping sensitive information secure. It is an aspect of business that is not only expected, it’s demanded. Regardless of the business, security and regulatory non-compliance can have a devastating effect on companies’ reputations.”
It would seem TSG’s strategy is a winner. The young firm has found clients not only in Mississippi, but also Arkansas and Louisiana — even as far away as Oregon.
“We are very happy with the response we have gotten,” said Callison. “We are not limited to Mississippi, and we have a goal to grow.”