Mendix Achieves HIPAA Compliance with Drummond Methodology

Challenge

For over 25 years, the U.S. Department of Health and Human Services (HHS) has governed the Health Insurance Portability and Accountability Act (HIPAA), the federal law that mandates national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. Failure to comply can leave organizations on the hook for a hefty fine. The maximum penalty as of 2022 is $1,919,173.

Many organizations face common HIPAA compliance challenges including integrating emerging technology, securing and encrypting data, misconduct, and budget constraints. Compliance is often perceived as a huge and complex undertaking with daunting federal guidelines carving the path to compliance.

When Mendix Technology, BV (Mendix) faced similar challenges, they realized they didn’t have the internal expertise needed to manage the compliance process on their own. They needed a trusted and independent third party to help them meet HIPAA requirements. They turned to Drummond to assess their current security control implementations and identify potential compliance gaps affecting the confidentiality, integrity, and availability of protected health information (PHI).

Mendix enables the healthcare industry and healthcare providers to provide safe, secure and innovative solutions that address patient and provider needs while maintaining strict privacy controls in compliance with the Health Insurance Portability and Accountability Act (HIPAA) protocols.

Approach

At the time, HIPAA validation for Mendix was of critical importance due to the Covid-19 pandemic, which fast-tracked the need for virtual and remote healthcare solutions around the globe. Today, patients demand mobile applications that give them the ability to schedule visits, connect directly with their medical providers, and easily access their personal health data including prescriptions, all while new Covid test tracking and contact tracing applications have sprung up worldwide.

Drummond experts performed a comprehensive HIPAA Gap Assessment to evaluate Mendix’s compliance with the HIPAA requirements. The Drummond methodology scrutinizes a broad range of safeguards, processes, policies and documentation regarding the confidentiality, integrity, availability and privacy of protected health information. Mendix then received a comprehensive report that identified gaps and provided actionable recommendations.

“Anytime you’re dealing with a healthcare environment, particularly hospitals, security and privacy are paramount concerns—and third-party HIPAA validation is a credential that adds to our credibility as well.”
Richard D. Palarea, CEO Kermit

Results

With support from Drummond, Mendix’s final evaluation was successful, with no new gaps and none remaining of those previously identified during the assessment. By partnering with Drummond to conduct the gap analysis, Mendix was able to improve their HIPAA compliance processes and avoid violations and costly enforcement actions.

The trusted and well-known Drummond HIPAA Assessment badge provided Mendix with value above and beyond compliance and enforcement avoidance. It helped them build trust and confidence by serving as proof to their customers and prospects that their solutions were compliant. One such customer, PA & Associates Healthcare (known as Kermit®), was also able to benefit from Mendix’s compliance. Kermit, a company that helps hospitals manage and reduce physician preference items (PPI), built their solution on the Mendix platform. As shared by Richard D. Palarea, CEO of Kermit, their work does not touch patients directly, but he believes the value of verified HIPAA compliance to hospital executives can’t be overestimated. He stated, “Anytime you’re dealing with a healthcare environment, particularly hospitals, security and privacy are paramount concerns—and third-party HIPAA validation is a credential that adds to our credibility as well.”

Mendix now has peace of mind, as do their customers, knowing the Mendix platform helps reduce risk and protects PHI.

In a digital-first world, customers want their every need anticipated, employees want better tools to do their jobs, and enterprises know that sweeping digital transformation is the key to survival and success. Mendix, a Siemens business, is quickly becoming the engine of the enterprise digital landscape. Its industry-leading low-code platform and comprehensive ecosystem integrate the most advanced technology to support solutions that boost engagement, streamline operations, and relieve IT logjams. Built on the pillars of abstraction, automation, cloud, and collaboration, Mendix dramatically increases developer productivity and empowers a legion of not-so-technical, ‘citizen’ developers to create apps guided by their particular domain expertise, facilitated by Mendix’s engineered-in collaborative capabilities and intuitive visual interface. Recognized as a leader and visionary by leading industry analysts, the platform is cloud-native, open, extensible, agile, and proven. From artificial intelligence and augmented reality to intelligent automation and native mobile, Mendix is the backbone of digital-first enterprises. The Mendix enterprise low-code platform has been adopted by more than 4,000 leading companies in 46 countries.

