Challenge
The University of Minnesota needed to improve compliance with HIPAA security standards in 30 individual units within the healthcare component responsible for Protected Health Information (PHI). The university did not have a complete understanding of which units needed to comply with HIPAA protocols or of the appropriate standards to maintain. There were also no existing mitigation strategies to manage HIPAA security risks.
Solution
BerryDunn’s higher ed consulting team worked with the university to assess the 30 units in the healthcare component and gain an understanding of their operations, systems, and PHI management. Through virtual work sessions and survey distribution, BerryDunn identified risks in each unit and developed HIPAA security rule matrices that included the risks and appropriate mitigation strategies. Using these matrices, the university was able to actively address and track the identified risks by designating specific responsibilities to each office.
Outcomes
The university:
- Leveraged the risk management strategy to perform annual self-assessments and improve the security of PHI moving forward
- Developed responsibilities for the Office of Information Technology (OIT) and individual units regarding information security practices and HIPAA compliance