Case Study
The nightmare keeping healthcare IT executives tossing and turning at night? Headlines like this one: A tiny USB is stolen from the car of a health worker in Alaska resulting in the state paying $1.7 million in federal fines.
Federal enforcement of health privacy laws is expected to become more stringent and companies responsible for securing Protected Health Information (PHI) must be more alert to compliance and potential data breaches.
Yet achieving and staying HIPAA compliant is no small accomplishment. The U.S. Office for Civil Rights (OCR) Audit Protocol includes 169 specific performance criteria organized around compliance. Non-compliance can be costly. For example, fines related to the HITECH Act range from $100 to $50,000 per violation for first-time violations and $1,500,000 for repeat violations.
“For the Department of Health and Human Services and OCR, this isn’t a risk that can be justified anymore. Healthcare organizations will comply or face steep fines”, said Nate Buchholz, Vice President of Information Services of Genesys Physician Hospital Organization (PHO).
As a physician group management company, Genesys PHO directly interacts with sensitive patient data through information system management, financial data, and Electronic Medical Records (EMRs). Armed with trained staff dedicated to securing the company’s infrastructure, Genesys PHO takes security very seriously. A good data center partner should, too, he added.
When facing a decision to build its own data center or find a vendor partner, Genesys PHO discovered OTAVA. Buchholz was impressed with the OTAVA’s data center security measures and safeguards, multiple generators and back-up system.
“OTAVA has all the redundancy and power infrastructure,” he said. “I sleep relatively comfortable knowing that if there is a power failure, the lights are going to be on here; everything’s going to be running.”
Buchholz was further convinced by OTAVA’s commitment to compliance. The company systematically ensures all necessary processes, agreements, insurance, and safeguards are met. OTAVA also stays ahead of the compliance curve by undergoing all of the necessary audits for data center companies.
Recently, the company became the first data center operator to have its data centers and hosting solutions voluntarily audited against the U.S. Office for Civil Rights (OCR) HIPAA Audit Protocol.
Seven years after starting its partnership, OTAVA’s effort to go above and beyond reminds Buchholz why Genesys PHO entrusts its mission-critical computer systems to the ‘Fort Knox’ of data.
Having a partner that guarantees the proper audits and compliances are complete “makes it easy for executive management to make the decision that that’s a good place to store our information—and the community’s information.”
“They’ve been top-notch,” Buchholz said of OTAVA. “I look forward to doing business here now and into the future.”
Genesys PHO is a collaboration between Genesys Health System and 160 primary care physicians with 400 participating specialist physicians who deliver health care services in Genesee, Lapeer, Shiawassee, Tuscola and northern Oakland counties. Genesys PHO and/or its participating providers focus on the personal relationship with the patients and their families, and have been recognized nationally, state-wide and locally for the quality of care that the patients receive and the improvements to the population of patients its participating providers serve. For more information, visit www.genesys.org.