HRM's 'Four Tops' Ready to Tackle HIPAA Security

by Mark Carter  on Monday, May. 5, 2014 12:00 am  

A glance at the leadership team of Fayetteville startup HIPAA Risk Management will reveal no CEO, no president — only four vice presidents, all female, who divvy up responsibilities based on their own personal expertise.

These "four tops" — Anna Drachenberg, VP of client services; Katie Lay, VP of sales and business development; Catherine Ganahl, VP of technology; and Elizabeth Green, VP of marketing and planning — founded HRM last year to address the compliance aspects of new security regulations regarding HIPAA, the Health Insurance Portability & Accountability Act. 

Drachenberg, tabbed by the group to serve as HRM spokesperson, said most health care organizations don’t possess the technical expertise to properly secure their data.

"With our combined expertise in health care, regulatory compliance and technology, we knew we could provide a valuable service that met the needs of those in the health care industry," she said. "As a result, HIPAA Risk Management was founded."

The founders developed proprietary software, the Online HIPAA Security Manager, which provides risk analysis, a personalized corrective action plan, customized documentation, HIPAA security and privacy training, and a tailored risk management plan.

HRM's customers include doctors' offices, dentists' offices, clinics and electronic health record system operators. Most of its clients are in Arkansas, but others are located in Missouri, Texas and Utah, where two of HRM’s advisers and its chief medical officer are based.

Drachenberg said HRM distinguishes itself from competitors by focusing on data security and lowering the risk for a data breach rather than simply on HIPAA compliance.

According to a 2013 Ponemon Institute study, 94 percent of all U.S. health care organizations have experienced at least one data breach. The study found the average cost to each organization per breach was $188. The top three causes of data breaches at health care organizations are lost or stolen computing devices such as laptops, employee error or theft and third-party errors.

Plus, HIPAA data breaches can be costly to an organization’s bottom line — businesses can be fined up to $1.5 million per penalty.  

"A health care provider can be in compliance with HIPAA and have a data breach," she said. "Our goal is to prevent the data breach in the first place. In many areas, our clients exceed the baseline requirements for HIPAA compliance. We provide all of our clients, large or small, a customized, effective data security and health care compliance program from start to finish."

HRM employs nine full-time workers with plans to open up new markets and continue to raise funding rounds. In fact, Lay just moved to Texas from northwest Arkansas to work on opening more markets there. Ganahl is preparing to join Drachenberg in Fayetteville, and Green is based in California. 

"We’ve been in business less than a year, and in that time we’ve developed our Online HIPAA Security Manager technology, put a product in the market and have existing clients who are set to renew their services later this year," Drachenberg said. "We’ve also received a lot of attention outside of Arkansas about our products and services. Our vision has always been to improve health care security on a national scale."

Starting up represents challenge enough; Jeff Amerine, University of Arkansas Technology Ventures director and Innovate Arkansas adviser, said that the investment rate for an Arkansas venture capital firm with which he’s familiar is about three-tenths of 1 percent. So for every 100 prospects, that firm funds less than 1 percent. 



Please read our comments policy before commenting.