Case Study: Humana Tackles Compliance Early and Often - ' From Regulated to Heavily '
(
Page 7 of 8 )
Regulated">
From Regulated To Heavily Regulated
Moore likes to say that the difference between Humana before and after HIPAA and SOX is that the company went "from regulated to heavily regulated."
What that transition has meant, in practice, is there is nothing usual about business as usual at Humana. Somebody, somewhere is always changing a rule and redefining what it means to comply, and Humana must continually adjust.
The saving grace for Humana is that while the company must accommodate itself to the twists and turns of regulation, it no longer requires reinvention of the compliance wheel. "All these regulations are not rocket science. They have common themes," says Moore. All of them require controls, ways to prove those controls are in place, security both on the perimeter and inside an organization, privacy and data-access management, the need for security, and ways to track and measure individual behavior, such as who's had training, who's changed passwords and the like.
Even Humana's customers have gotten into the act: "They're much more concerned about how we're protecting their information," Moore says. "And they have a fairly rigid set of requirements they're evolving that they're expecting us to be able to meet." That makes compliance a selling point for Humana's services, yet another reason to stay in line.
Story Guide:
Humana Tackles Compliance Early and Often
Compliance Inc.
New Security Director
IT's Role in Compliance
Good Corporate Hygiene
The Culture of Compliance
From Regulated To Heavily Regulated
Sidebar: The Cost of Compliance
Sidebar: The Cost of Compliance
test
Case Studies 
