Sword & Shield Announces HIPAA Compliance Case Study
KNOXVILLE, Tenn. December 17, 2018 – Sword & Shield Enterprise Security, a leading national cybersecurity and compliance firm headquartered in Knoxville, Tennessee, announced today the release of a new HIPAA compliance case study.
Bought in 2017 by Bryan Foster and Adam Fox, TripMaster is a scheduling and dispatching software used to manage non-emergency medical transportation (NEMT) and paratransit. The software is required to store electronic personal healthcare information (ePHI) such as data relating to medical appointments.
As the new owners went into high gear to expand their customer base and familiarized themselves with their customers’ needs, they realized providing a software that needed to store ePHI would require the company to be HIPAA compliant, but that was the extent of their HIPAA knowledge.
Addressing HIPAA Compliance
CTS was committed to proactively addressing HIPAA compliance in order to ensure their software was safe to use and to gain credibility with prospective customers in order to grow the company.
In addition, they were met with questions from prospective customers and bid requirements regarding the data security of their product and mandating proof of policies, procedures and processes in place to ensure compliance.
Foster and Fox asked a trusted colleague to recommend a reputable information security and compliance partner, and were referred to Sword & Shield.
HIPAA Policies and Procedures Creation
Since CTS wanted to overhaul the processes surrounding its HIPAA compliance, Sword & Shield felt the first step, as well as the best use of time, should be to create HIPAA policies and procedures. The completed policies and procedures provided a foundation from which to move forward.
“Sword & Shield provided policies and procedures tailored to us, accommodating our remote workforce and Microsoft Azure environment,” said Foster. “Implementing the technical side turned out to be the easy part. Documenting and creating policies and procedures brought it all full circle in really hardening the systems.”
Next, Sword & Shield conducted a HIPAA risk assessment to identify and document CTS’s areas of risk in accordance with the HIPAA Privacy, Security and Breach Notification Rules. Once this was completed, Sword & Shield provided CTS with a HIPAA gap analysis and roadmap to remediation with recommendations tailored to the organization.
“Sword & Shield’s responsiveness and availability has been extremely helpful. The consultants are happy to answer our questions any time we approach them,” said Foster.
Maintaining HIPAA Compliance
As a small company comprised of software developers, CTS needed assistance with following through on its remediation. This led CTS to subscribe to Sword & Shield’s HIPAA Compliance Program (HCP) through which healthcare consultants provide guidance and accountability on an on-going basis.
“CTS’s security and compliance overhaul was an intimidating initiative. We could not have done it without the expert guidance of Sword & Shield,” said CTS Software Co-Owner and Chief Technology Officer Bryan Foster. “They assisted with every step and continue to add value through the HIPAA Compliance Program, representing the true definition of partnership.”
As a result of the services Sword & Shield provided CTS Software, the company is able to confidently and credibly prove HIPAA compliance. This empowers CTS to retain current customers and bid for new business.
“Sword & Shield’s HIPAA Compliance Program has given us the confidence and credibility for winning new contracts,” said Foster.
And what about CTS’s knowledge of HIPAA?
“As a business owner, this was incredibly educational for me,” Foster said. “I knew HIPAA was important, but working with Sword & Shield provided a deeper understanding of what it means to be compliant as it relates to my business and why it’s important.”
About Sword & Shield Enterprise Security
Protecting critical data for 20 years, Sword & Shield Enterprise Security, Inc. is a nationally recognized cybersecurity provider with solutions designed to meet the needs of a dynamic security and compliance landscape. Headquartered in Knoxville, Tennessee, Sword & Shield specializes in security, risk and compliance assessment, managed security services, enterprise security consulting, security incident response and forensics, and technical solutions. Sword & Shield services a broad spectrum of industries, including healthcare, retail, legal, banking and finance, manufacturing, and the public sector.
For more information about Sword & Shield Enterprise Security’s HIPAA compliance services, visit www.swordshield.com/hipaa-compliance-program/.