How Our Certified HIPAA Privacy Expert Ensures Data Security
In today’s digital landscape, protecting sensitive health information isn’t just about compliance; it’s about building trust. At Graphcom, data security is woven into the very fabric of our operations. We sat down with Matt Livelsberger, President of Graphcom and Certified HIPAA Privacy Security Expert (CHPSE), to discuss how our rigorous security practices enable creative solutions for sensitive clients.
Q: Can you briefly describe your role as a HIPAA Privacy Expert (CHPSE) and what responsibilities are included?
A: I keep up to date on any HIPAA or HITECH changes to ensure our policies and procedures align with the security controls mandated by privacy laws. I sit on Graphcom’s security team alongside our on-staff Security Officer, Brant, who ensures we stay up to date with the latest regulations. Essentially, this credential keeps me current on regulatory changes and ensures that our policies and procedures align with the security controls mandated by those laws.
Q: How do you stay current with evolving HIPAA regulations and industry best practices?
A: I take continuing education courses every year to maintain my CHPSE credential. The annual renewal process ensures that all the latest information and regulatory changes are part of the curriculum, so I’m always current on the most recent developments in HIPAA and HITECH requirements.
Q: Are there other compliance areas relevant to Graphcom you’d like to speak about?
A: Graphcom has invested in the highest level of HIPAA-related training available today. Additionally, we’ve maintained international SOC-2 compliance for the past decade. This requires us to provide evidence of actions our company takes to comply during annual audits. It can be a challenging process, but we’re used to it and have built it into our regular operations.
Q: How does your background in HIPAA compliance shape how you approach data security at Graphcom?
A: Not only do we understand privacy requirements, but we also push them further. We automatically adopt the latest, greatest extra security measures that aren’t necessarily required by law. It’s so important that we operate with a baseline of security that not only meets minimum requirements, but exceeds them. I’d rather take precautions and make triple sure that everything is safe and secure.
Q: What are your top priorities when it comes to protecting PHI?
A: We can put all kinds of technical safeguards in place, but the human element is the most significant. Some might consider our employee training to be excessive, but it’s necessary to ensure our employees understand the critical importance of data security. Phishing has become much more sophisticated, and it’s increasingly common for people to accidentally click on something they didn’t intend to click. We understand that even the most vigilant team can experience previously unseen attacks, so we must do everything possible to prevent them. We’ve been incredibly successful with this approach.
Q: How do you ensure compliance with HIPAA’s Privacy and Security Rules during day-to-day operations?
A: We ensure compliance through solid, scalable, and repeatable processes, along with built-in redundancies. You should have a backup for the first safety net and additional safety measures in case the second net fails. Our redundancies give us a chance to breathe and focus on our clients. We take security seriously, but it’s not something we fear because we’ve built such robust systems.
Q: What specific safeguards does Graphcom have in place to protect sensitive information?
A: We implement multiple layers of protection. We store PHI on segregated servers that are entirely encrypted, with strict levels of access control and additional security requirements. We use dual authentication processes, maintain strict controls and oversight, and require regular review of access logs to monitor who accessed what information and when. These technical safeguards work together to create a comprehensive security framework.
Q: In your words, what sets apart Graphcom’s approach to PHI?
A: Our expertise provides clients with the assurance their PHI is secure. They might not be able to predict the results of their next fundraising appeal, but they can fully trust that regardless of the type of outreach we’re conducting, we’re handling it with utmost safety and security.
What makes us different is that we take security so seriously that it has become second nature. This allows us to focus on addressing the real business challenges that PHI-sensitive customers encounter. Without this robust foundation, we’d be constantly chasing compliance and worried about regulations. Instead, we have such a solid, regular structure that even when we evaluate new software, we conduct a full risk assessment and require SOC reports from vendors.
It’s a comfort we bring to our clients—they can focus on results without worrying about whether their PHI will be compromised.

Trust the Data Security Experts.
We make a great secure partner for your PHI outreach.







