
Health Care Case Study

Case #3939: HIPAA Compliance - Protected Health Information

A leading regional health insurance company was looking for a partner to assist them in achieving HIPAA compliance. We were called upon to complete a discovery process by mapping all processes containing Protected Health Information and completing a Minimum Necessary Analysis. Over 4,000 business processes were mapped, identifying over 25,000 activities where employees used or disclosed Protected Health Information. We completed a Gap Analysis of the organization's current policies and procedures and compared the results with the HIPAA Regulations.

We facilitated the writing of corporate policies and procedures that, with implementation support, brought the Health Insurance Company into compliance. These actions were based on current HIPAA regulations and included the latest updates from HHS.

Engagement Highlights

  • Industry: Health Insurance
  • Client: A leading Multi-line Insurance Company
  • Assignment:
      • Map all work processes that contain Protected Health Information
      • Categorize Protected Health Information in all documents, reports and systems
      • Define Classes of Employees for Minimum Necessary Evaluation and Training
      • Develop Policies and Procedures for compliance implementation
  • Approach:
      • In-depth Mapping of all work processes containing Protected Health Information
      • The team interviewed and developed all process maps
      • All logistics and organization of Materials and Analysis were managed by Tier
      • Facilitate policy and procedure development with Operations Representatives
      • 4,000+ processes were mapped
      • 25,000 points where PHI was used or disclosed
      • 5,000+ documents containing PHI identified
      • 130 employee classes were created
  • Duration:
      • 48 weeks of discovery, process mapping, Minimum Necessary and Gap Analysis
      • 42 weeks of Policy and Procedure writing and Implementation preparation


  • All areas using or disclosing Protected Health Information were identified
  • All documents, reports and systems were categorized for Minimum Necessary Evaluation
  • Approximately 100 Policies and Procedures were developed
  • Implementation approaches were written with Operations involvement
  • HIPAA compliance implementation completed on schedule and within budget
