Privacy and security

The challenge

Privacy and security. Two vital obligations payers must fulfill. Members expect it. State and federal governments demand it and require payers to demonstrate proof of compliance to it. The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act, or GLBA, addresses the growing threat of identity theft in online transactions. GLBA requires financial institutions to safeguard their members' demographic and financial data. The Health Insurance Portability and Accountability Act of 1996, HIPAA, regulates how payers must collect and protect members' personal health information to prevent unauthorized disclosures. The dual burden borne by payers of compliance with both GLBA and HIPAA amplifies the importance of well-designed privacy practices and effective security controls.

To assure compliance with privacy statutes, you need to stay current on the changing regulatory environment. Clearly communicate your privacy practices to your members and to vendors who will handle members' personal health information. Educate your staff about their privacy responsibilities and motivate them to adhere to rigorous privacy practices. Monitor individual and corporate compliance.

Security controls enable you to prevent unauthorized access to member information, trade secrets and other corporate assets. Effective data security combines technologies such as firewalls and encryption with security practices such as role-based access and identity management. HIPAA's broad and principles-based security requirements start with universal standards for exchanging demographic and medical information among healthcare stakeholders. Because deciding on a universal format and standardizing processes have proven difficult and expensive, many payers create workarounds rather than make the wholesale changes necessary for long-term compliance. This exposes payers to serious risks. It also prevents them from realizing the benefits of standardization, which include process efficiencies, cost savings and better relationships with stakeholders.

How we can help you

You need to quickly adapt to - and comply with - evolving privacy and security requirements. We can help you understand and comply with evolving legislation regulating privacy and security. We can assess whether your organization has the strategy, people, processes and organizational structure to prevent improper disclosure of confidential health information.

You should view compliance with privacy and security regulations as a first step to secure, seamless and cost-effective transactions with all healthcare stakeholders. Our healthcare-focused advisory professionals and multi-industry security experts work together to discover security vulnerabilities and show you how to remedy them. We can explain how to leverage privacy and security practices beyond mere compliance to an enterprise-wide architecture that enables secure, efficient interactions with providers, employers and consumers.

Common services include:

• Standardizing data interchange and transactions
• Designing and implementing privacy and security programs
• Managing identity
• Assessing threat and vulnerability