HIPAA Compliance – an essential part of doing business

Retail Insights, LLC (http://www.retailinsightsllc.com/) extracts big data analytics from its subscribers’ Point of Sale (POS) machines and provides actionable consumer insights – previously only available through expensive retail consulting – to thousands of businesses.

As a lean startup, the company takes advantage of cloud computing to nimbly leverage the latest in business intelligence tools, data mining technology, and retail software. Its small footprint and hybrid cloud environment enable tight cost control, keeping its consumer insights findings affordable to distributors, manufacturers, and retailers.

Like the age-old tale of David and Goliath, Retail Insights competes head-to-head with substantially larger, established business consulting companies. The company’s founder was working as a consultant when he realized that advanced business intelligence tools operating in a hybrid cloud environment would enable him to offer enterprise-class big data analytics for small- to medium-sized businesses and national chains alike.

Being a small company in a world of giants necessitates navigating significant hurdles, and these challenges are further compounded by the fact that many of Retail Insights’ own clients are affiliated with the healthcare and pharmaceutical industries. With this comes the inevitable question of needing to become compliant with the Health Insurance Portability and Accountability Act (HIPAA). In order to be viewed as a serious contender in the healthcare-related vertical, Retail Insights decided it needs to maintain HIPAA compliance.

The HIPAA security rules stipulate administrative, physical, and technical safeguards that must be put in place in order to attain compliance with the necessary standards. And because the rules cover physical, virtual and hybrid environments – involving both real-time and backward-facing timeframes – fulfilling the numerous HIPAA-related requirements imposes a significant drain on the resources of an organization of any size.

So is it all just a case of unfounded paranoia? Unfortunately not: data shows that in the past few years medical-related identity thefts accounted for almost one-half of all such crime reported in the United States, and on the black market healthcare data is typically valued 50 times higher than comparable credit card information.

There are also additional factors that add to the monumental task of running an operation capable of passing all the necessary audits. The industry’s move to a more cloud-centric infrastructure has created an increased attack surface. Improvements in application accessibility have led to over 40% of all physicians now accessing sensitive patient information using a mobile device. Simultaneously, the business-critical – and sometimes life-critical – need for non-stop operations has resulted in the constant transfer of enormous volumes of data. To exploit these opportunities, cyber criminals have reacted by constructing a sophisticated arsenal of malware specifically designed to compromise healthcare networks and exfiltrate protected healthcare information.

The stakes are high: The U.S. Department of Health & Human Services investigates tens of thousands of cases of HIPAA compliance breaches each year, with average penalties running at $1.5m per violation. With the tightening of data breach notification requirements and the implementation of a new random audit program, HIPAA compliance is something that needs to be taken very seriously. So with the scarcity of skilled resources, what’s the answer?

Like many companies, Retail Insights worked with Alert Logic to resolve the challenge of identifying potential vulnerabilities, using our AWS vulnerability scanner, and of monitoring breach attempts on its AWS infrastructure, using our industry-leading cloud security solution. This was an essential step for Retail Insights to expand its business.

Read the Retail Insights case study to learn more.

About the Author

Terry Kraft - Senior Manager, Customer Advocacy at Alert Logic

Terry Kraft has 20+ years in software marketing and sales. Her expertise serves Alert Logic in customer reference attainment and development, working with sales teams, partners and public relations. As the Senior Manager of Customer Advocacy, Terry identifies, recruits and nurtures strategic references for participation in a variety of marketing activities from press interviews to webinars. She is also responsible for publishing case studies, video testimonials and quotes which are posted at alertlogic.com/customers/case-studies
