Diabetis JSC – How a vCISO Practice Prepares Entry into the U.S. Healthcare Market

Healthcare technology is evolving rapidly. Across the globe, organizations are inventing and deploying new technologies to solve persistent problems and integrate information electronically, greatly improving the health of patients and the ability of clinicians to provide paramount care. Often this technology is used for monitoring, which allows clinicians to ‘see’ problems before they advance to complications and to treat a patient proactively. This creates a better outcome for the patient and reduces the overall cost of treatment.

However, with innovation comes responsibility. Protecting patient data and remaining compliant with the extensive regulatory requirements issued to safeguard information is crucial, and must be considered when applying new technologies. A myriad of healthcare technology companies are entering the U.S. healthcare market to assist with doctor/patient interactions, improve patient outcomes, and reduce hospital readmission rates. Diabetis JSC, a small international health device startup, engaged with Wolf & Company, P.C. to prepare for the regulatory and cybersecurity requirements necessary for entry.

Background

Diabetis JSC, a healthcare device developer originating in Lithuania, developed a new solution to monitor for signs of inflammation over the soles of the feet, which may help detect diabetic foot ulcers at early stages. Diabetic foot ulcers are a common complication of diabetes; they are difficult to diagnose early, and even more difficult to treat. Temperature changes in the foot can be an early indication of a diabetic foot ulcer, and Diabetis’ device provides a convenient and accurate way to identify these changes. In order to finalize and distribute their invention, the company needed to first become HIPAA Security Compliant, and then obtain FDA approval in the United States. Not having a designated security officer, the company turned to Wolf to help them through the upcoming processes.

“As we researched the efforts to enter the U.S. healthcare market, we knew we did not have the internal resources to meet the complex regulatory and security requirements needed. After doing our due diligence, we concluded that Wolf & Company, P.C.’s vCISO (virtual Chief Information Security Officer) practice had the necessary skillset to not only identify what we needed to do, but also to get it done,” said Gintarė Marinė of Diabetis JSC.

Challenge

The company didn’t have the staff or internal knowledge regarding HIPAA regulations in the U.S., or the specific cybersecurity requirements under the HIPAA Security Rule.

And, since the company was scheduled to begin clinical trials, timing was crucial. The organization needed to understand exactly what to do to become HIPAA compliant, including:

• What policies and procedures needed to be developed and implemented

• How to train staff and other members of the workforce (a majority of whom were remote)

Additionally, the company and Wolf had to navigate a seven-hour time difference between countries.

Outcome

Wolf worked diligently to assist the company in this effort, creating an aggressive schedule and framework in order to keep the project timeline tight and deliver the necessary policies, procedures and training materials. Because of the time difference, working within the company’s time zone was key to achieving success, and interactive sessions with the client were critical to completing the project. Wolf provided templates for the effort, breaking down weekly working sessions into manageable blocks to attain the greatest outcome. Usually, developing policies and procedures in such a short period of time would be unlikely, but Wolf’s collaborative approach helped guide the company to HIPAA compliance and helped implement needed security controls, allowing them to seek FDA approval.

Takeaway

Diabetis JSC can now move forward and pursue FDA approval, knowing they have proper HIPAA policies and procedures in place. Wolf helped the company navigate a complex (and foreign) regulatory sector, analyzing their systems and providing comprehensive solutions to ensure compliance and initiate innovation.

“Wolf’s depth and breadth of regulatory experience, coupled with their expertise in information security controls, were instrumental in helping JSC expedite the formation of our Healthcare compliance and information security strategy as we entered the U.S. healthcare market,” said Urtė Steikūnienė, COO Diabetis JSC. “Renee Broadbent and her team at Wolf were flexible and responsive to all of our requests, questions, and concerns. They were able to cut through the regulatory complexity and present a clear view on what policies, security procedures, and overall compliance frameworks we needed to not only comply with the HIPAA regulations, but also improve our overall security posture. We consider Wolf & Company, P.C. as a strategic and trusted partner.”