Case Study: Penn Highlands Healthcare


Customer: Penn Highlands Healthcare
Customer Size: 3,431 Employees
Location: 4 hospitals in Penn Highlands Brookville, Penn Highlands Clearfield, Penn Highlands DuBois, and Penn Highlands Elk
Industry: Healthcare

Customer Profile:

Penn Highlands Healthcare provides residents with access to the region’s best hospitals, physicians, a nursing home, home care agency and other affiliates who believe that healthcare should be managed by local board members who live and work in the communities they serve.

Client Challenges

  1. As a hospital system, Penn Highlands needed to be diligent in safeguarding the security, confidentiality, and integrity of the electronic Protected Health Information (ePHI) entrusted to them.
  2. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that a risk assessment is conducted of healthcare organizations that include covered entities and properly addresses Business Associates. A risk assessment would help their organization ensure it was compliant with HIPAA’s administrative, physical, and technical safeguards.
  3. Penn Highlands also knew the risk assessment might reveal areas where their electronic Protected Health Information (ePHI) could be at risk.
  4. Penn Highlands was looking to find a way to mitigate the challenge of the daily, and time-consuming process of identifying these potential risks. They knew that the cost of employing and sustaining acceptable security controls to protect an entity’s ePHI far exceeds what is often budgeted.
  5. As a result, there was a concern that ePHI may be under-protected and left susceptible to a data breach. Penn Highlands needed a long-term, dependable and cost-effective approach to HIPAA compliance.

“It is comforting to know that we have a trusted partnership with Reclamere and that their security team is an extension of my team. In the event of any type of cyber activity, we know who to call and they know what to do to assist us. Further, their CSO360 program proactively keeps us up-to-date with our risk assessments and helps us develop policies and procedures based on industry best practices.”
Tom Johnson, CIO/CISO
Penn Highlands Healthcare

Businessman in office working on laptop


  1. A third party risk assessment allowed Penn Highlands to receive an unbiased, neutral assessment that examined the company’s programs, identified its strengths and weaknesses and assisted the company in enhancing the usefulness of current programs.
  2. Reclamere’s CSO360 is now able to perform the role of a full-time Chief Security Officer for Penn Highlands.
  3. CSO360 allows the Information Security Department within Penn Highlands to focus on critical IT projects – thus leveraging their internal team.
  4. CSO360 allows Penn Highlands to tap into the subject matter expertise of a Reclamere security and compliance expert whenever needed. Reclamere’s experts now act as confidential advisors, allowing their executives the opportunity to get guidance from industry leaders.
  5. Collaborative workflows now allow Penn Highlands to be vigilant about incoming threats, leverage the knowledge and skills of a Reclamere senior security consultant and maximize their internal staff, budget and ROI.

The two core benefits represented in this case study are our risk assessment and CSO360 services.

  • The primary benefit of a third-party risk assessment is that it circumvents the prejudices and challenges that can hamper an objective appraisal of a company’s IT security culture. An unbiased, neutral assessment will serve as the foundation for building a robust security program.
  • The risk assessment is typically followed by identifying and prioritizing risks, deciding how best to mitigate those risks, and implementing the best solutions. The process then circles back around to assessing the effectiveness of the improvements that have been made.
  • This process is ongoing due to changes both in the environment of the organization and the continuing evolution of new threats, both internal and external.
  • Reclamere’s CSO360 security specialists work side by side with your IT team every step of the way, giving you both expertise and peace of mind.

About Reclamere:

Reclamere, Inc. is a Tyrone, Pennsylvania-based IT consulting firm specializing in information protection at every point in the data lifecycle. Our services include risk assessments, data security consulting and managed security service plans. All our services are provided with the fundamental goal to help clients achieve, maintain, and demonstrate security compliance; while significantly improving their security posture. For more information about ePHI data security, please call us at 814-684-5505 or complete the form on this page.

Downloadable Version of Case Study

Get Updates

Request Your Quote

Reclamere Information Lifecycle

NAID AAA Certification

Certified for:

Plant-Based Computer Media & SSD Destruction-Physical & Sanitization

Mobile Computer Media Destruction-Physical

Learn more about our: