Worried About Surviving a HIPAA Audit or Data Breach?


HIPAA is complicated and you need to eat the HIPAA elephant one bite at a time. HIPAA violation is expensive, dirty and devastating:

  • A 5-doctor practice in Arizona paid $ 100,000 for sending patient data through online e-mail.
  • The Alaska Department of Health paid $ 1.7 million for a lost backup tape.
  • A respected Massachusetts hospital paid $ 1.5 million for a lost laptop.
  • The government said even small practices must comply and the fines were not just for the incidents, but for ‘willful neglect’ of the HIPAA Security Rule.

HIPAA covers everything from what staff members do, say, write, access and share with each other, patients, family members, friends, vendors, the media and the government. HIPAA governs the management of all paper and electronic data, created, received, or accessed by a HIPAA Covered Entity or Business Associate. This could be a simple as a handwritten note on a napkin, a formal medical record in an Electronic Health Record system or a voice message.

HIPAA requires about 50 steps to secure technology, but these steps cannot be completed from within an IT department. State laws, industry regulations, contracts and insurance requirements can alter your compliance program.

HIPAA-in-a-box doesn’t work most of the time. You must invest time, effort and money to properly protect your organization. Our HIPAA assessment will help you identify the vulnerabilities in your compliance. You can implement the solution by utilizing your internal staff, outsourced IT company or we can help but you need this MOST IMPORTANT HIPAA assessment now.

The HIPAA Security Rule is all about implementing effective risk management to adequately and effectively protect EPHI – National Institute of Standard & Technology (NIST)

To comply with HIPAA, you must continue to review, correct or modify, and update security protections – Office of the National Coordinator for Health Information Technology

You can’t ignore or keep delaying risk management. Organizations have paid millions in fines while trying to save few thousands in remediation.

Even if you have a trusted IT person/team or outsourced IT company who put your current network in place, it never hurts to get a third party to validate that nothing was overlooked. We have no one to protect and no reason to conceal or gloss over anything we find. If you want the straight truth, we’ll report it to you.

Complete the form on this page 
to schedule your CONFIDENTIAL 
HIPAA Assessment today.

Important! We hate spam as much (or more!) than you and promise to NEVER rent, share, or abuse your e-mail address and contact information in any way.

IT Director, Health Care Facility, NY
Even though I serve both as the county IT director and the HIPAA Security Officer, I would not have been able to identify some of the issues you uncovered.