
Building a Robust Privacy Program

The Challenge

A managed care organization serving Medicaid populations across multiple states required stringent adherence to privacy and security regulations. The organization needed to establish an effective privacy team to manage compliance with privacy regulations, develop new policies and procedures, and enhance training programs to ensure all staff were adequately trained in privacy matters. Additionally, the organization required a robust breach reporting process and effective handling of privacy-related complaints from members.

The Solution

Jessica Zeff, CEO of Simply Compliance, spearheaded the initiative to build and develop the organization's privacy team. Her approach included several key components:


  • Team Building and Education: Jessica recruited a dedicated privacy team and provided extensive training on privacy and security regulations and compliance. This included developing and implementing new policies and procedures.

  • Collaboration with Security Team: She worked closely with the security team to draft a comprehensive HIPAA risk assessment, ensuring alignment with regulatory requirements.

  • Training and Education Development: Jessica rewrote the new hire orientation training and developed new annual compliance and privacy training programs. She also put processes in place to ensure all staff completed mandatory training.

  • Breach Reporting Processes: She implemented a robust breach reporting process to manage potential privacy breaches effectively.

  • State Compliance: Given the organization's operations across multiple states, Jessica analyzed state-specific privacy and security requirements and provided tailored training and procedures to meet these requirements.

  • Risk Management and Collaboration: Jessica managed HIPAA breaches and risk management activities, frequently collaborating with the legal team, cybersecurity, and forensics to maintain a strong privacy and security posture.

  • Member Services Training: To handle privacy-related phone calls from members, Jessica developed a unique training program for the member services staff. This training included skits to provide practical, scenario-based learning. The program's success enabled member services staff to collect better information, allowing Jessica's team to conduct thorough investigations.

The Results

Jessica's efforts led to the establishment of a highly effective privacy team and a significant enhancement in the organization's compliance training programs. An external audit found that the organization had robust privacy policies and procedures, that staff were well-trained and met mandatory training requirements, and that there were strong processes in place to identify and report potential privacy breaches.

The Conclusion

Jessica Zeff's leadership in building and developing the privacy team, combined with her innovative approach to training and compliance, significantly strengthened the organization's privacy and security framework. Her ability to collaborate with various stakeholders and implement effective processes ensured ongoing compliance with state and federal privacy regulations.
