Information Security

Privacy by Design

Project Overview
When dealing with sensitive information, one cannot afford to be careless. Concord was engaged by a healthcare client during the development of a new platform and set of systems, applications, and processes designed to interact directly with patients to capture personal information. Our role was to ensure privacy requirements were identified, documented, and implemented into the platform by design. There's no better way to reduce risk and ensure compliance.

After reviewing each system, application and process in detail, Concord developed a framework of privacy controls and requirements based on generally accepted privacy principles. The control framework was mapped against each individual data use case and system/application to provide specific privacy requirements to the development teams. The framework was also built in a way to identify functions desired by the client that could make the client a Business Associate under HIPAA.

Results

By engaging Concord to consider privacy throughout the design of the new platform, our client was able to leverage a privacy control framework that helped reduce privacy risk and ensure compliance with privacy principles, laws and regulations. The client development teams were equipped with a roadmap to successfully implement privacy controls into each system/application by design. Perhaps more importantly, the client has clear awareness of functional compliance obligations and the ability to enable decision making.
