Consultant Services

HIPAA Products and Services

Since 1992, BIG HIPAA consultants have been investing their time and leadership skills with several organizations that have been engaged in the development of HIPAA. Among these are Dr. Steve Lazarus's leadership in the Workgroup for Electronic Data Interchange (WEDI) where he has served on the Board of Directors since 1992, chaired several committees, and participated in over 90% of the education programs and Policy Advisory Groups. He served as the Chairman of the WEDI Board of Directors in 2001 and was re-elected to this post again for 2002.

Margret Amatayakul is founding and Past Executive Director of CPRI and a leadership participant in ASTM standards development. She has also served the National Committee on Vital Health Statistics (NCVHS) in a support capacity on issues regarding HIPAA.

This continued investment of professional time and contribution of leadership skills has given the BIG consultants the opportunity to learn the HIPAA implementation issues first hand from all aspects of the industry and contribute to the industry debate on the final form that the HIPAA regulations should take to promote administrative simplification.

BIG has invested in the development of its own HIPAA tools and the utilization of industry available HIPAA tools in order to reduce the cost of consulting services and to enhance the capability of delivering a high, consistent quality standard of consulting services regarding HIPAA. In this regard, BIG has developed the following HIPAA tools for use with its clients:

• HIPAA Benefit Estimation Tool for hospitals and medical groups
• HIPAA Model Project Plan
• HIPAA High-level Impact Assessment (Gap Analysis) data collection and scoring tool
• HIPAA Compliance Management Tool covering all HIPAA regulations
• Template for a web-enabled HIPAA compliance risk management application

The following are descriptions of five HIPAA products and services offered by BIG. The Boundary Information Group (BIG) has designed a number of HIPAA Products and Services. The scope and deliverables associated with each are described here. Over time, as BIG develops additional services and tools, these will be made available to our consulting clients.

1. HIPAA Executive Briefing and Strategy Development
This introductory education program includes a HIPAA Executive Briefing presentation, a session to develop the understanding of HIPAA issues specific to the client, and a session to discuss HIPAA strategy. The deliverables include a half-day HIPAA Executive Briefing, the development of an organizational strategy for HIPAA, and a HIPAA strategy summary report. For vendor clients, the strategy session may be changed to a product review and design strategy analysis. The Executive Briefing has been presented to 500 provider, payer, and vendor organizations.

Return to Top of Page

2. HIPAA Project Plan Development

BIG has developed a model HIPAA Project Plan covering the first five HIPAA regulations: transactions, provider identifier, employer identifier, security, and privacy. The model plan includes eight major phases:

• Think and educate
• Gather current state information
• Analysis
• Plan
• Implement
• Review
• Certify
• Monitor

By utilizing the BIG model plan and the facilitation skills and industry knowledge of our HIPAA consultants, we have been able to develop a customized HIPAA high-level project plan over a two-day period. A side benefit from this activity is a full understanding by the participants of the steps and resources that are required to implement HIPAA. Documenting the tasks specific to individual client needs and identifying timeframes for implementation are a significant part of the completed project plan. Typical clients achieve a resulting project plan consisting of 120 to 150 tasks. It provides a resource for understanding when activities need to be conducted, the timing of resource needs, and an explanation of the full scope of HIPAA. It also identifies significant project review milestones.

Return to Top of Page

3. HIPAA Initial Impact Assessment (Gap) Analysis

This is an intensive high-level assessment activity, which is designed to identify the most important issues that need to be addressed by an organization as it prepares for HIPAA compliance. A multi-disciplinary team conducts this one-week onsite activity. The size of the team varies based on the scope of the organization.

The data collection phases of this Gap analysis include interviews, documentation reviews, and observations of workflow and technology operations. BIG has developed information tools for this process to address the compliance and benefit potential identification aspects of HIPAA. For a multi-facility organization, BIG recommends that this initial impact assessment analysis be conducted based on a sampling of the facilities and operations. The sampling can be based on regions or types of facilities.

The major deliverable from this project is a high-level assessment of HIPAA readiness, with the identification of those issues which require significant management attention because of one or more of the following factors:

• A very expensive remediation project may be required.
• The benefit potential gain could be very significant, but it will take considerable leadership focus to achieve the desired result.
• Changes in vendor or other Business Associate relationships may be required to meet HIPAA compliance or functional needs, and the length of time and/or cost to achieve the desired result is significant.

The high-level HIPAA assessment findings are presented in the form of a written report and presentation.

Return to Top of Page

4. HIPAA Independent Validation And Verification (IVV)

BIG provides a quarterly HIPAA project audit and review by a multi-disciplinary team. Each calendar quarter, the team will prepare for the audit and review by receiving and critically reviewing the HIPAA Project Status documents including, but not limited, to the following:

• Business Impact Analyses
• Project plan and accomplishments to date
• Progress towards meeting identified business objectives
• Actual versus budget expenditure levels, compared to time frame and progress.
• Self-assessment of project progress, problems, and corrective action recommended.
• Problem and issue resolution.
• Project Risk Assessment information.

Return to Top of Page

5. Focused HIPAA Project Advice on an as Needed or Retainer Basis

BIG also provides focused HIPAA consulting services on specific issues that are identified as a client need. These consulting engagements normally are undertaken on a Time and Materials basis. BIG has also entered into monthly retainer relationships with clients, where a specified estimated monthly budget is defined, and the client defines how the consulting services are allocated each month.

As an example, BIG has assisted clients with developing contractual language regarding HIPAA, provided mini Executive Briefings to top management on current HIPAA industry developments, and acted in an advising capacity to HIPAA Project Directors. With BIG's broad skill mix and understanding of HIPAA, a full range of HIPAA consulting services can be delivered. When appropriate, BIG will utilize highly qualified subcontractors for specific issues, or where appropriate recommend other organizations that clients can use to satisfy a specific HIPAA requirement.

Return to Top of Page

General Capabilities

Boundary Information Group (BIG) has assembled a team of leading industry HIPAA experts to provide consulting services to selected clients. The team is skilled in understanding the complex issues involved in HIPAA, business operations of Covered Entities, and the resources available to assist organizations in implementing HIPAA. The specific skill sets and experience of the key consultants include:

• Overall project strategy and project management.
• Knowledge of resources required to conduct HIPAA Business Impact Assessments, remediation option analysis, remediation implementation, and ongoing monitoring and review.
• Expertise in the business purpose and technical requirements for the standard transactions and code sets, and standard identifiers.
• In-depth knowledge of the Security Regulation, the HIPAA Security Summit Guideline, and Security Impact Assessment Tools.
• Privacy business operations issues based on legal and patient information management expertise.
• Professional resources including CISSP credentialling for security, RHIA for patient health information, and attorneys for compliance and policy and procedures expertise.

Return to Top of Page