Case Study: HIPAA-regulated residential services organization achieves audit-ready compliance with Optum

HIPAA Privacy and Security Program Assessment

HIPAA, a residential services and support organization with more than 300 locations, faced an impending audit and struggled with HIPAA Privacy and Security compliance due to its small size, limited resources, and lack of in‑house subject matter experts. Optum was engaged to provide HIPAA Privacy and Security Assessment and consulting services, including mapping HIPAA Security controls to NIST SP 800‑53 to ensure the organization met regulatory requirements within a four‑month timeline.

Optum conducted an initial assessment and high‑level risk analysis, developed and delivered remediation measures (including a security training program), and produced 32 privacy and 36 security policies and procedures. As a result, Optum left HIPAA with an organized, audit‑ready Privacy and Security program, reduced security risk to an acceptable level, and positioned the organization to pass future audits and regulatory checks.

HIPAA