Measuring success

"Measuring success"

Who We Are

   metriQuality prepares companies for IT audits,  collecting required documentation, and implementing controls for information security and compliance with corporate policies and regulatory requirements.

How We Help

   By monitoring what your people and processes do,
we help to ensure compliance with corporate policies and regulatory requirements.

   By measuring resource utilization:

  Are your people working effectively?
  Are your projects and/or vendors delivering the results you expect?

What We Do

Policy Management   Write and review company policies and procedures

Compliance Controls   Monitor, assess, and improve compliance controls

Performance Management   Optimize business operations through performance audits

Security Awareness Training   Train and mentor staff for compliance and information security issues

Vendor Risk Management   Manage outsourced IT projects and third-party service providers

Vulnerability Assessments   Conduct security  assessments and  minimize risk exposure

Corporate Standards   Align corporate standards with generally accepted standards

Incident Response   Plan, coordinate, and respond to security incidents

 

HIPAA Compliance

   A majority of healthcare organizations are not keeping pace with technological advances and potential threat factors, in contrast with other industries. HIPAA sets a relatively low security standard, with ambiguous guidance  for preventing unauthorized access to sensitive health information, and spotty enforcement.

   As one example, The HIPAA Privacy Rule states that once data has been de-identified, covered entities can use or disclose it without any limitation. The information is no longer considered PHI (personal health information), and does not fall under the same regulations and restrictions as PHI. The problem with this clause (and others regarding the use of encryption) is that implementing de-identification of data evenly across disparate systems, such as EHRs and HIEs, is not a trivial exercise.

    In an article on data breaches published by HealthITSecurity.com, Eftekhari says, "One of the things we identified in our report before the breach was identified was that governance was really missing and is something that healthcare organizations can and should be implementing,". "These are not new concepts. Governance is a basic idea that unfortunately a lot of organizations still don't get down."

Why is this important to you?

Because there is no certification program for HIPAA compliance, and scarce technical guidance for implementing the HIPAA Privacy Rule, the only enforcement mechanism is legal liability after a data breach by "covered entities".

metriQuality helps your company use data encryption and data governance to protect sensitive data, which enables enforcement of Business Associate Agreements (BAA) associated with HIPAA compliance.

   If you are interested in becoming HIPAA-compliant, we urge you to read our webpages listed below, which offer a better view of what must be done to protect all sensitive information: