HIPAA IT Consultants

We’ll help your medical practice stay secure and avoid costly penalties

Free Consultation

What’s the worst that can happen?

Unlike many industries, the healthcare industry is required by law to meet strict security, policy, and procedural requirements regarding the customers data they handle. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) charges the Secretary of the US Department of Health and Human Services (HSS) to develop regulations to enforce this act. HSS has published the HIPAA Privacy Rule and the HIPAA Security Rule to meet that mandate. The Privacy Rule establishes standards for the protection of certain types of health-related information, while the Security Rule establishes a set of security standards for protecting certain health information where it is stored and while it is in transit, electronically.

When a violation occurs, penalties can be levied. Penalties can be both very hefty financially and take a toll on a company’s reputation as well. Here are a few examples of fines and a website where you can view an extensive list of violations:

Covered Entity

Amount

Premera Blue Cross

$6,850,000

CHSPSC LLC

$2,300,000

Aetna

$1,000,000

City of New Haven, CT

$202,400

Steven A. Porter, M.D

$100,000

Did you know?

On January 5th, 2021, President Trump signed into law HR 7898? It amended the Health Information Technology for Economic and Clinical Health Act (HITECH Act), part of the ARRA, and it requires HHS to take into account whether an organization has, or has not, been using recognized cybersecurity best practices to comply with the HIPAA Security Rule. It’s meant to incentivize healthcare organizations to invest in cybersecurity, which brings to mind the old adage “an ounce of prevention is worth a pound of cure”.

What will HSS Consider?

They must consider whether a covered entity or business associate has implemented security solutions when making certain determinations. That doesn’t mean a covered entity just implemented security yesterday, last week or even last month. They’ll be checking to see if a solid security framework has been in place for the past year. The act specifically states:

“…the Secretary shall consider whether the covered entity or business associate has adequately demonstrated that it had, for not less than the previous 12 months, recognized security practices in place..”

This legislation identifies the significance of cyberthreats to the healthcare sector, while addressing concerns of the healthcare industry. The healthcare industry has complained that there have been significant penalties levied against organizations who have implemented cybersecurity programs, and other best practices, but have none the less been victims of cybersecurity attacks. This legislation should both help with those complaints and motivate companies to invest in cyber security.

If you’ve been employing adequate security practices, fines may be mitigated. Additionally, having adequate security may also “result in the early, favorable termination of an audit under section 13411” and “mitigate the remedies that would otherwise be agreed to in any agreement with respect to resolving potential violations of the HIPAA Security Rue”. There are many benefits to having a solid security solution in place.

What’s next?

Do you have a mature cybersecurity framework deployed? Do you host your cloud-based IT services with providers who are HPIAA compliant? Do you partner with an IT firm who’s not only well versed in HPIAA, but cybersecurity in general? And are they HIPAA compliant themselves? If you can’t answer with a definitive yes to ALL these questions, we invite you to give us a call. The sooner you take the first step the sooner we can help get you to where you need to be.

What We Offer and Who We Are

We’ll go above and beyond the “minimum” to not only get you compliant, but secure. Our security background goes well beyond HIPAA. We have extensive experience is securing both commercial and classified DoD systems. We’ll put that expertise and experience into every aspect of your business’s security posture.

  • Evaluate - We can evaluate your current network business environment.
  • Assess - We will provide a complete assessment of your overall security health.
  • Implement - Implement a complete security plan to provide a comprehensive security solution.
Our company is the leader in network security, contact us today for more information.