CASE STUDY

Power Digital Case Study

How the marketing giant Power Digital achieved HIPAA compliance in just 3 months.

"Constant communication. Weekly meetings. Went out of their way to be minimally intrusive to our business."

- Steven Stavrou, Director of Client Success.

Challenges

Power Digital is a marketing agency that empowers its clients to maximize their potential by creating great customer experiences, building brand loyalty, and capturing new market share. Power Digital’s passion and processes help clients to become the best versions of themselves.

To better serve clients in the healthcare industry, Power Digital needed to achieve compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Under HIPAA, all business associates of covered entities need to limit the use and disclosure of protected health information (PHI) to permitted use cases. Eligible organizations must also install administrative, physical, and technical safeguards to ensure security, integrity, and confidentiality of PHI.

To build and maintain relationships with lucrative clients in the healthcare sector, Power Digital needed to achieve compliance. In particular, Power Digital needed to find a managed security services provider (MSSP) who could optimize their standard operating procedures, training, documentation, and testing to achieve and then maintain HIPAA compliance.

Gather Information

RSI Security conducted a series of regular 30-minute sessions and longer investigative sessions to confirm the scope of our advisory. These informed our custom-tailored Technical Writing solutions, which produced immediate results in program design and implementation. RSI Security created new policies and made adjustments to Power Digital’s existing policies to comply with HIPAA’s latest Privacy, Security, Breach Notification, and Enforcement Rules.

“RSI held weekly meetings and provided us with documents to complete,” recalls Steven, “they walked us through the entire process and were there to answer any questions.”

Compliance Assessment

RSI Security collaborated with Power Digital to review, inspect, interview, and ultimately verify its overall environment of policies, procedures, and cultural elements complied with HIPAA standards. RSI Security enabled Power Digital to determine what remediations were needed and implement them in the short term to achieve compliance. We also produced evidence for compliance documentation and set up policies to ensure HIPAA compliance over a longer term.

“They conducted pen testing and training remotely, which was a relief during COVID. The relationship was wrapped up with approval of all documentation they provided for us and letters of attestation and compliance,” says Steven.

Outcome

Power Digital is now fully HIPAA compliant—the company ensures the safety and security of all PHI it comes into contact with when servicing clients within and adjacent to the healthcare sector. The engagement with RSI Security also helped to maximize and optimize Power Digital’s overall cyberdefenses. Power Digital is now well positioned to grow its relationships in healthcare and beyond.