Parker Jewish Institute for Health Care and Rehabilitation (“Parker”) is a nationally recognized, non-profit center for the health care and rehabilitation of adults. Licensed by the New York State Department of Health, Parker is at the forefront of innovations in patient-centered care and technology. In January of 2009, the Federal Government informed Parker that they would be the subject of a HIPAA audit conducted by the Centers for Medicare and Medicaid Service (CMS).
In preparation of the audit, senior management at Parker immediately assembled their information systems staff and the Custom Computer Specialists’ (“Custom”) on-site staff to create a “SWAT Team approach”. Custom, a technology solutions provider that specializes in meeting the IT support staffing needs of long term care facilities had been providing on-site specialized engineering and IT support to Parker since 2001. This combined team quickly assembled a cross functional team to develop a high-level action item list. To ensure that they stayed on task the team met twice weekly, reviewing and updating the list as needed.
A Solid Foundation
What became apparent as work progressed against the list was just how well prepared Parker was for the security audit. In 2008, Parker had undertaken several projects to secure their environment. These projects included USB Lockdown and Auditing, Tripwire Auditing, Central Audit Logging, Firewall Upgrade, Endpoint Security with WebRoot Spy Sweeper, an upgrade to the antivirus solution, RSA Secure ID implementation, WSUS patch manage¬ment, and more. These projects positioned the team to generate security reports, which illustrated Parker’s HIPAA compliance and proactive approach.
The “SWAT Team” soon transitioned to the “Verification Team” – ensuring key information was readily available to confirm compliance to these policies. “Custom Computer Specialists has helped Parker Jewish Institute for Health Care and Rehabilitation obtain optimum value from our information technology investments,” said Michael N Rosenblut, President and CEO at Parker. “They provide solutions that meet our complex needs and high expectations.”
In February of 2009, CMS commenced the audit with weekly phone interviews. In June of 2009, the week long on-site audit began. A few weeks after the audit was completed, CMS informed Parker that there were no findings and just three recommendations—only one recommendation pertained to the Information Systems department.
The auditor informed Parker that this was the first time in his years of performing these types of audits where a facility had no findings.
In October of 2009, the Federal government recognized the Security Audit results and Parker officially passed the HIPAA security audit. Additionally, CMS informed Parker that many of their policies would be adopted as “Best Practices.”