HIPAA Compliance and Disruptive Innovation

October 25, 2013

I am a long time fan (1997) fan of Clayton Christensen’s books on “disruptive innovation”. Back in 2001 I was hired as a consultant to a software development company that had developed a program to help hospitals prepare for a JCAHO accreditation survey. We decided to try and develop a new disruptive innovation to deliver this program to a new market of office based surgeries (OBS) that needed to get accredited. We searched for a consultant to supply us with the policies, procedures, and forms we needed and to provide the expert advice to the OBS.

The intial reaction of the consultants was to think that we were competitors but we finally got one to let us come and visit and present our case. The first thing we notced was a long table with stacks of printed manuals which we pointed out could be eliminated with our model. Secondly we talk about travel time for the consultant. We showed that in order to make a decent living the consultant had to work the equivalent of 2.6 FTEs ot offset the time lost in traveling. With our model the same consultant could handle over 200 clients simultaneously without leaving home. Needless to say we sold the concept.

In 2009 when we saw the HITECH Act pass Congress we knew that we had the right model to deliver HIPAA HITECH compliance in a cost effective and efficient manner but we needed a new set of PPF and HIPAA consulting advice. Fortunately we were able to recruit Rebecca Herold, CIPP/US, CIPP/IT, CISM, CISA, FLMI, www.theprivacyprofessor.com , and set up a joint venture with her firm, Rebecca Herold & Associates.

An additional challenge was the fact that unlike accreditation where there were third parties that had authority to make a site survey and if you passed you got a three year certificate for proving your compliance HHS has given no one authority to certify HIPAA compliance. So working with Rebecca Herold we developed compliance metrics and our Compliance Meter(tm) which measured key compliance tasks and displayed the results. This is useful for internal verification of compliance activities and importantly for external proof that the organization is managing HIPAA compliance on an on-going basis.

The SaaS model also allowed us to deliver the consultant to the client more efficiently and at much lower cost. The consulltant, called a Helper, is able to see all of the activities, check their edits, answer their questions and provide a little gentle nagging where necessary. We have observed over the years that it is easy to “forget” to do your compliance tasks so having a third party who will give you a little nudge when necessary is extremely helpful.

So, together, SaaS or cloud delivery, compliance metrics, Compliance Meters(tm), Helpers, and access to world class privacy and security experts such as Rebecca Herold truly provided a disruptive innovation in the HIPAA HITECH market place.


Back to News