Keeping a Lid on Risk - Taking a Healthy Approach to GRC
(
Page 8 of 8 )
Taking a Healthy Approach to GRC
Managing health and medical records for a state with a population of 3.8 million is no small task, but the Department of Human Services for the state of Oregon takes the challenge seriously. Only a few years ago, spreadsheets and a mélange of systems made it difficult to track records.
Handling all the data—and ensuring adequate security and privacy—was nothing short of daunting. “Medicare, Medicaid, HIPAA, USDA and other programs created significant regulatory, compliance and security challenges,” says Chief Information Security Officer Kyle Miller.
No longer. Today, the agency manages somewhere in the neighborhood of 5,000 contracts and hundreds of thousands of individual records with CA GRC Manager. After entering pertinent regulatory and compliance requirements, the application ferrets out relevant documents and files and ensures that policies and workflow match organizational requirements. Moreover, “We are able to make sure that employees have read and signed off on rules,” says Matt Betts, program and project manager in the Information Security Office.
Along the way, Human Services has ramped up project management and project portfolio management, assessment tools, audit policies, information exchange with partners and more. Today, the agency enjoys greater flexibility and scalability, including the ability to extend business processes and rules throughout the agency and beyond. With a unified view of compliance, it has reduced costs and improved productivity.
“We’ve brought structure to our high-level strategy,” Betts says. “We’ve built a framework for managing data more effectively and securely, while minimizing overall risk.”
