With its top-rated software and support, Compliancy Group is helping healthcare companies achieve HIPAA compliance with ease

The Silicon Review

Health Insurance Portability and Accountability Act (HIPAA) and compliance are two common terms that are used often when you work in the healthcare industry. You can see them being thrown around in the context of records, patients, paperwork, and more. HIPAA was brought into the system to protect patient’s privacy and keep their data safe. As we know that the healthcare segment is very dynamic, the act was also accordingly amended a few times to deal with the issues that come up with changing technology. HIPAA exists to make sure that classified medical data is protected from unauthorized people. Given the ever-growing IT threats, the security of healthcare organizations has never been more important.

Globally, there are various firms delivering excellent solutions to comply with HIPAA, but Compliancy Group stands out from the rest. Compliancy Group offers a comprehensive privacy and security compliance tracking software solution focused on the healthcare space. The software provides clients with everything they need to achieve, illustrate, and maintain compliance in accordance with the law. HIPAA is complex, which is why each client is paired with a Compliance Coach to guide them through the software and the process of becoming HIPAA compliant. Once a client completes the process, their coach verifies and validates their efforts to ensure that they have met all necessary requirements and issues them the Seal of Compliance. The Seal can be displayed on clients’ websites, email signatures, and reception desks, serving as a great differentiator to increase the profitability of the business.

In conversation with Marc Haskelson, President and CEO of Compliancy Group

Q. How has compliance management evolved throughout the years? What are the anticipated trends in this segment?

Compliance management has become much more security-focused and will likely continue to be the case. Specifically with HIPAA, when it was first enacted 25 years ago, the interconnectedness of businesses didn’t really exist. But in the current cybersecurity climate, your partners’ or vendors’ security vulnerabilities can ultimately put your business at risk. Over the years, the Department of Health and Human Services (HHS) has expanded HIPAA law to apply to business associates (healthcare vendors) and has released guidance for how to better protect sensitive data. New legislation has also been passed to address the drastic increase in healthcare breaches over the past couple of years. In January 2020, H.R. 7898 was passed, requiring the HHS to take into consideration whether or not an organization had implemented a “recognized cybersecurity framework” prior to a breach. Organizations that have documented proof that they implemented a cybersecurity framework, such as CMMC or NIST-800, are given technical assistance from the HHS rather than receiving a hefty fine.

Q. From an integrity perspective, the decision to be open about organizational compliance sends a very clear message that the company is committed to ethical conduct. How do you define ethical values?

To be ethical in the healthcare space, it is important to instill a culture of compliance within your organization. Management sets the tone for appropriate business behavior, so having clear expectations set forth in the form of policies, procedures, and training is key to running an ethical business.

Q.With the consequences of failing to comply with laws, regulations, and standards having such a high potential cost, what are the functions of compliance solutions in preventing failure?

Compliance ultimately comes down to a business’ good faith effort to comply with the law. Do you conduct an annual security risk assessment to identify security deficiencies? Do you address deficiencies with remediation plans? Do you have written policies and procedures? Do you provide employees with annual training? Do you have signed business associate agreements with all business associate vendors? Do you have a system in place for incident detection and response? Failing to comply results in risks ranging from reputational impact and fines to complete business failure and class action lawsuits.

Q. What would you say are the top three skills needed to be a successful CEO?

Trust in your team, accountability - give them the authority to do what they feel is right with clear accountability.
Park your ego at the door - understand every job, roll up your sleeves and get dirty before you ask someone else to do it.
Good communication and listening skills - we use an open door policy combined with our two year rule - understanding and meeting employees’ personal and professional goals over the next two years.

Q. Do you have any new services ready to be launched?

With the launch of our new 4.0 platform, we are specifically in a position to add privacy and security compliance. Earlier this year, we launched an OSHA product specifically for healthcare businesses, making it easier for them to manage all of their compliance needs. We have also recently launched a $100,000 cybersecurity insurance product to aid clients that experience a breach. In the next few months, we will be releasing new regulatory products, PIPEDA, PHIPA, GDPR, to address the foreign markets and to assist with security; we will also be releasing CMMC and other security regulations.

Q. What does the future hold for your company and its customers? Are exciting things on the way?

We continue to evolve by offering clients new compliance solutions. While we are largely focused on HIPAA, many of our clients need to meet other compliance requirements such as security, state regulations, and international privacy regulations. Our clients always come first, and we want to be a one-stop shop for them in terms of compliance as a universal compliance tracking tool. So we will continue to develop new regulatory compliance products to meet our clients’ needs.

Meet the leader behind the success of Compliancy Group

Marc Haskelson is the President and CEO of Compliancy Group. He has over 30 years of sales, marketing, and operational leadership experience, and has held executive positions at Hearst Publications, Experian, and AT&T. He is an innovator who develops new products and solutions to address the challenges of the small and midsize market. Marc was the co-chair of the CompTIA Business Applications Advisory Council and is a Visionary Level Contributor to the American Optometric Association Political Action Committee. He focuses his knowledge of compliance, privacy, technology, security, customer care, and SaaS billing technology improving market inefficiencies.