Case Study 3: Start-up Healthcare Market Research Firm

This small start-up healthcare marketing research company called because their clients, large hospitals and healthcare delivery systems, asked that they demonstrate compliance efforts before sharing patient data. The firm engaged us to help strengthen their compliance program and prove the ability to satisfy contractual client service level requirements.

After a compliance assessment and a security risk analysis, we worked with the healthcare marketing client to close identified gaps and implement more stringent policies and procedures for their compliance program.

Business associate agreement reviews provided key privacy and security goals beyond standard HIPAA regulations. With those as a mandate, the firm realized that the ability to move forward with growing the business was highly dependent on being able to show they were firmly on the compliance path.

Apgar & Associates has an ongoing relationship with the firm, conducting regular security risk analyses, business associate agreement reviews and to answer the tough privacy and security questions. At a time when the Privacy & Security Compliance Officer position opened, the CEO and other senior leadership engaged Chris Apgar, CISSP, CCISO to step in as the interim CCO.

The healthcare marketing research firm has embraced a culture of compliance, recognizing compliance is an ongoing practice, not simply a static state. Their compliance program continues to show this.