Selecting a Large-Scale, Secure and HIPAA-Compliant Covid Scheduling Solution
A year ago, the coronavirus threw the world into a historic crisis. One industry pushed to the brink was the U.S. healthcare system.
With the arrival of life-saving vaccines, hospitals that were once tasked with treating waves of sick patients are now shifting gears to distribute vaccines to millions in an effort to pre-emptively save lives and end the social distancing measures that have wrought significant hardship on businesses and personal lives.
The rollout, management, and application of Covid vaccine injections is no small task given the numerous regulatory pressures foisted on the healthcare system. For this reason, when a major hospital in western Massachusetts needed software to effectively schedule vaccination appointments, it also had to determine if the solutions available were fully compliant with HIPAA and other privacy mandates.
Towerwall was called in to evaluate three possible vendor solutions and determine the most secure and regulation-compliant package: one that was easy for non-technical users to master and that could also scale and be universally applicable.
Towerwall reviewed the first security package and determined that it collected patient data: the name and email address of a patient scheduling an appointment for a vaccine. While the amount of ePHI collected could be minimized, it could not be eliminated, and elimination was a requirement for full compliance.
A source of concern was that the second vendor solution evaluated lacked SOC 2 certification and did not live up to the ISO 27001 standard. Unfortunately, this shortfall immediately removed it as a possible solution candidate.
The third vendor solution reviewed was HIPAA-compliant but, on closer examination, had a SOC 2 certificate that had expired in May of the previous year. Asked about this, the vendor disclosed it was “developing its internal procedures and policies on its path to achieving SOC 2 re-certification.”
Given a choice of these three solutions and the urgent need to move quickly to distribute the vaccine, Towerwall recommended the third option, which it deemed the best scheduling solution. Towerwall also suggested it be implemented with certain controls and procedures to mitigate the expired SOC 2 certificate.
With the green light given, the hospital implemented the cloud-based solution and is now using it both for coronavirus testing and vaccination appointments.