When dealing with sensitive information, one cannot afford to be careless. Concord was engaged by a healthcare client during the development of a new platform and set of systems, applications, and processes designed to interact directly with patients to capture personal information. Our role was to ensure privacy requirements were identified, documented, and implemented into the platform by design. There's no better way to reduce risk and ensure compliance.
After reviewing each system, application, and process in detail, Concord developed a framework of privacy controls and requirements based on generally accepted privacy principles. The control framework was mapped against each individual data use case and system/application to provide specific privacy requirements to the development teams. The framework was also built to identify functions desired by the client that could make the client a Business Associate under HIPAA.