Provider cleans up employee user accounts to ensure security of sensitive patient information

PwC helps major healthcare system meet key HIPAA requirement.

PwC had been retained by a large statewide, not-for-profit healthcare system consisting of more than 25 hospitals to perform a periodic access review (PAR), the success of which depended on the cleanliness and reliability of the provider’s security access data. In preparation for the PAR, we determined that, across the approximately 65,000 employees the provider retained, about 12,000 user accounts required updating. The provider knew that many of the accounts in question contained “dirty” data. Because manual work was required to clean up these questionable accounts, the provider faced a significant outlay even before it could conduct its PAR.

PwC’s use of its Virtual Business Office (VBO) to clean up the provider’s security access data was a new application of this resource. It required that VBO staff both directly and indirectly contact employees to verify such facts as contact information and managers’ names and phone numbers. We worked with VBO staff to develop a “playbook” detailing the process through which staff members would remediate incorrect data. We worked closely with the provider to document the processes for managing the VBO staff’s work queue, investigating data inconsistencies, and identifying resolutions.

During the course of the engagement, we cleaned 96% of the provider’s security access data, significantly more than our stated goal of 80%. The VBO was a particularly attractive option for this provider, as it was not an offshore solution and it could easily be ramped up and dismantled as needed. The VBO accomplished in nine weeks, with a higher-than-expected level of accuracy, what would otherwise have been a laborious, time-consuming, manual task.
