CASE STUDY

Vera Whole Health Gains hipaa compliance in six weeks rather than six months

Objective

When Vera Whole Health added primary care services to their offerings, they wanted to ensure full compliance with the Health Insurance Portability and Accountability Act (HIPAA).

The company turned to Base2 Solutions for a quick but thorough assessment of their policies, procedures, and technology practices. Base2 performed the review in just six weeks; versus the six months that Vera estimated it would have taken its own staff. Base2 produced a prioritized, actionable plan that Vera Whole Health used as a guide to achieving HIPAA compliance in just two months.

Challenges

Vera Whole Health helps businesses reduce healthcare costs while giving their employees faster, better care. They do this by helping employers build and manage worksite healthcare clinics, change their health culture, and provide health coaching to employees. Vera customers have seen a 15 to 30 percent reduction in healthcare costs during their first year with Vera and have maintained average patient satisfaction ratings of 4.6 out of 5.

Vera began offering primary care services in 2012. When they began handling patient records, Vera became subject to the Health Insurance Portability and Accountability Act  (HIPAA). They wanted to protect their patients by ensuring the safe and secure handling of all individually identifiable health information.

Healthcare compliance departments are under great scrutiny to ensure compliance with several federal and state requirements, primarily HIPAA. The burden of monitoring and ensuring compliance amongst the changing regulatory and technology environment can be overwhelming for healthcare organizations. Companies found to be noncompliant with HIPAA face penalties up to $1.5 million per incident per year, but there are also state and regional fines for those disregarding privacy and security laws.

Vera management decided that it was wise  to have a third-party assessment of its health records management and security procedures to help them achieve HIPAA compliance and protect their patients’ health information.

The final Omnibus rule greatly enhances privacy protections and strengthens the government’s ability to enforce the law. To healthcare companies, this means more audits, hefty fines, and increased enforcement in order to increase protection of patients’ protected health information.

Solution

Base2 helps organizations understand how the new rules will impact business, and builds a plan to help protect patients’ privacy and maintain compliance.

Base2 interviewed employees, reviewed IT systems, and ensured that the company’s hardware and software were structured and protected correctly. They also reviewed procedures to assure that only individuals in defined roles had access to patient information and that the information was stored in a secure fashion. This ensured patient privacy without compromising service to its customers.

After just six weeks, Base2  finished the assessment and produced a full report. The final report identified areas where Vera was in compliance and areas where they needed to complete additional work. Base2 provided a prioritized list of which risks to tackle first and which would deliver the most impact for the least amount of work. From the report, Vera developed a work plan to reduce risk and maintain compliance.
One year after the Base2 HIPAA assessment, Vera upgraded a key information system and used the Base2 report to ensure that all the components of that system were configured properly. “The Base2 report is a living document that continues to guide our actions,” says David Huether, VP of Operations at Vera.

Outcome

Base2 was able to perform the complex review in just six weeks, far faster than Vera would have been able to complete the work by themselves. Plus, they gained valuable third-party objectivity.  “What would have taken us five to six months, Base2 did in six weeks,” Huether says. “Base2 performed a thorough review of our procedures and technology which would have required weeks of our time. This work would have taken our staff away from servicing customers, developing new products, and other strategic tasks. With the help of Base2, we were able to focus on our business while clearing a significant regulatory hurdle.”

“The Base2 report made the recommendations very actionable. It made it very easy for us to do the work that needed to be done”

— David Huether, VP of Operations

“Having a clear path was critical to our being able to come into compliance quickly. We addressed everything in the Base2 report in just a couple of months”

If you’re interested in learning more about partnering with us, get in touch!