Healthcare Project Management in a Secure SharePoint Environment
Healthcare project management can be quite difficult. Not only do you need to complete projects successfully and on time, but there is also a litany of rules and regulations that must be adhered to, especially when your projects are often working with sensitive information.
Implementing a project management solution in a secure, HIPAA/HITRUST environment will ensure you have the right tools to manage your healthcare projects, without having to worry about any security risks.
The rest of this blog will explore:
- What it takes to get your healthcare project management environment HIPAA/HITRUST compliant
- Why SharePoint makes sense as the platform to manage your healthcare projects
- How you can get up and running with your project and portfolio management in a HIPAA/HITRUST cloud in 1-2 weeks.
What It Takes to Get HIPAA/HITRUST Compliant
First, let’s take a look at some of the differences between HIPAA and HITRUST, and what you would have to do to get your healthcare projects in compliance.
What is the difference between HIPAA and HITRUST?
HIPAA is a self-certification standard for healthcare organizations. If you want to have a HIPAA audit, you would have to have an ISO 27001 or FedRAMP audit of your policies and procedures. It is somewhat outdated and not a very prescriptive standard.
HITRUST is an emerging standard for healthcare organizations. It has an official certification and you are audited by certified HITRUST auditors. It is continually updated and has a very prescriptive standard.
One example of the difference is password controls. For HIPAA, the standard is “implementing procedures for creating, changing and safeguarding passwords.” There is a lot of leeway under this definition and you could do a lot of different things with your password and still be compliant. HITRUST, on the other hand, is very prescriptive with minimum length requirements, complexity requirements, change requirements, and password expirations.
These types of differences are true across all the controls in the standard.
Security Required Above Azure for HITRUST
In order for an environment to be certified HIPAA/HITRUST compliant at the application level, there are many security measures that need to be added above the Azure level. This list highlights the “top 14” controls, although there are more:
- Access Control
- Identity & Authentication
- Server lockdown
- Encryption in transit, at rest
- Vulnerability Scanning
- Patching & Updating
- Test environment
- Change Management
- Anti Malware & IDS/IPS
- Event Logging & alerting
- Incident Response
- Backup & DR with testing
- Cybersecurity Training
- Third party audit.
Options for Deploying in Azure
There are a couple of options for deploying applications and workloads in a HIPAA/HITRUST certified environment at the application level in Azure.
Do it yourself
The first option is to do it yourself, which would take roughly 3-6 months. You would need to learn Azure (if you don’t know it already), and also understand HIPAA and HITRUST. You would need the resources to implement app-level security and controls in Azure. You would also need to go through certification, including preparation and contracting a certified auditor. Finally, it would require internal resources to maintain the environment on an ongoing basis to ensure you remain compliant.
Work with a HIPAA/HITRUST Compliant Cloud
The second option is to work with an organization like Project Hosts (a BrightWork partner), who already have a security envelope and environment that is certified HIPAA/HITRUST compliant at the application level in Azure. It would only take about 1-2 weeks to set up. Project Hosts would learn about your workload and create the environment. In this hosted scenario, they would be there to ensure your environment remains in compliance.
Why Use SharePoint to Manage Your Healthcare Projects: A Summary
Now, let’s take a look at why SharePoint is the perfect environment to manage your healthcare projects.
You could manage projects with Excel
Many people use Excel to manage a project, and why not? It’s really easy to get started. Here’s a screenshot of a simple “Projects Tracker” in Excel.
But you will immediately run into challenges… did I update this, did Jane update it? Do I have the right version, do you? Who made the last change?
You will use Excel because it’s easy. You get the wonderful ability to be flexible and quick, but you face challenges around the control, extensibility, and scalability required for your healthcare projects.
Switch from Excel to SharePoint
At BrightWork, we would recommend moving from Excel to SharePoint for project management. Most of our healthcare customers want to start in an easy way. They want their project management to be simple, clear, transparent and controlled in an environment like SharePoint.
So in the BrightWork solution, we have the idea of the Projects Tracker template in SharePoint. It’s really the same idea that we had in Excel above.
By managing projects like this in SharePoint, you get the same visually attractive environment you were using in Excel. But the difference is that there is only one version of this truth. It is in SharePoint.
SharePoint gives you a controlled environment, where you can have multiple projects with associated documents, tasks, and issues if you wish, all in one simple SharePoint site (that is in an environment with the standards and protections of HIPAA / HITRUST mentioned above).
Move to a SharePoint Site per Project
You’ll probably outgrow the Projects Tracker at some stage. Or one of your projects will require more process. So you could also use an out-of-the-box SharePoint team site to manage your projects. The problem with out-of-the-box SharePoint, though, is that it does not look like a project.
You can store and share documents, but it’s not set up to run a project. So you can extend that site with project management templates to create a site in SharePoint that is built specifically for project management.
Manage Across All Your Healthcare Projects
As you do this for lots and lots of projects, you will end up with many projects in the tracker, or others in their own individual sites in the SharePoint environment. So every project has its own environment, its own controls and project site. But with BrightWork, you can bring them together and aggregate up to portfolio- and program-level dashboards for a view across all the projects in the organization.
Save the SharePoint Sites as Templates
One additional benefit of SharePoint is the ability to save your project sites as templates. This is particularly useful for healthcare project management, as these would represent the way you want the projects run, using your local best practices with all the standards and controls built-in. And all of that would be housed inside your HIPAA / HITRUST compliant environment in SharePoint.
Getting your healthcare projects HIPAA/HITRUST compliant will be expensive, take time, and require ongoing support to ensure you remain compliant. With the HIPAA/HITRUST Project Management JumpStart from BrightWork and Project Hosts, you will get excellent and appropriate project management, in the safe and secure SharePoint environment in Azure that you need.