4 Pillars IT Security Assessment - HIPAA

Did You Know That Your Medical Practice Is Required By Law To Comply With HIPAA?

One of our local medical practices here in Raleigh, NC just lost $750,000. Are you next?

Are You Secure?

If you haven't done our assessment, you're at risk!

  • Click to set up an appointment today! Learn how much your Medical practice is at risk.
  • FREE HIPAA Review Call to determine if your Medical practice is at risk from hefty HIPAA fines.
  • Identify common mistakes most Medical practices make that could cause non-compliance and huge fines, and what to do about them.
  • Identify potential costs for not complying with HIPAA.
  • Discuss any HIPAA security issues, ongoing problems or concerns you have with HIPAA and/or technology.

Yes, I'd like to jump on a call with you to see if I'm HIPAA compliant.

100% Privacy Guaranteed.


Client Testimonials

Just appearing to be unnecessarily vulnerable to the OCR can be catastrophic

Given the very technical nature of this field, and its constantly changing methods of threat, it becomes very obvious that direct help from Craig and his team is the best solution for most of us.

-Surgeon in NC

A Must For Any Practice

The Four Pillars Security Risk Assessment gave me all of the information I needed to make informed decisions on how to secure my practice.

-Attorney in Raleigh, NC

Highly Recommended!

I have worked with Petronella to implement EMR (Electronic Medical Records) in the Durham, NC area. He is extremely professional and very knowledgeable.

-EMR Solutions Provider

Craig Petronella, World's Foremost Expert on HIPAA and Cybersecurity, has authored multiple books, including How HIPAA Can Crush Your Medical Practice and Peace of Mind Computer Support. He has spent thirty years advising clients and protecting computer information. Craig makes sure your Medical practice network works when you need it the most, and is a celebrity in his field and hometown.

Craig is frequently quoted in the local Raleigh news and appears on local TV news for his expertise in protecting local businesses and medical practice owners from hackers halfway around the world in places such as Ukraine, Russia, and China. Petronella has been quoted and featured on ABC News North Carolina, CBS News North Carolina, NBC WNCN, Raleigh & Charlotte, NC Time Warner Cable News, PRNews Wire, and Newsobserver.com.

The consequences of NOT being HIPAA compliant can crush a Medical practice and put it out of business. Hefty fines of $50,000 or more per infraction can skyrocket fast.

Raleigh Orthopaedic in Raleigh, NC recently had to pay $750,000 for a HIPAA violation.


Amazon #1 Best Selling Author:
How HIPAA Can Crush Your Medical Practice



Risk Assessment & Remediation | Employee Training | Policies & Procedures

Important Policies and Procedures Required by HIPAA

You Need a Business Associate Agreement (BAA) In Addition to:

  • Written Information Security Policy
  • Disaster Recovery Plan
  • Sanction Policy
  • Emergency Operations Policy
  • Network Security Policy
  • Access Control Policy
  • Computer Use Policy
  • Equipment Disposal Policy
  • Termination Policy
  • Security Incident Response
  • Facility Security Plan
  • BYOD Policy

  • Would you like to know if you have any ticking time bombs in your computers, network or servers?
  • Would you like to stop worrying about the latest ransomware, malware, or virus attacks that are crippling hospitals and medical practices and instead focus on growing your medical practice?
  • Did you know that one innocuous USB stick can cost you millions of dollars in federal fines for breaching HIPAA?


Here are some of the big problems we look for and assess during our analysis:

  • Neglected computers, neglected servers – Software updates come out every week, and most small Medical practices don’t think they need them. Skipping them will eventually lead to downtime and a failure: if you don’t apply patches you will get hacked, if you don’t do maintenance you’re going to crash, and if the system is not cleaned and maintained it will overheat (the same goes for the server). If you’re not on top of the hard drive it will fill up and run out of space, on workstations and servers alike. For example, make sure you have the latest Java version. The server hosts everything for your company: in a 10-user company, if the server goes down, 10 people can’t work and can’t access client files. The cost is salary per hour x number of employees.
  • Data backup & disaster recovery – Most companies think they have a good system, but when we audit them we find that they don’t. If your building burned down today, could you recover? If you were to experience a failure, could you recover? Do you have pictures of your kids on your computer? One woman had 30,000 pictures of her kids, friends, family, trips and cherished moments collected over the years. If she experienced a crash, she could likely lose all of them. Do you want to lose all those pictures and memories? The same applies to all your important documents.
  • Security – Inadequate firewall protection, viruses, missing security updates and performance patches, and no network monitoring (to proactively detect failure and downtime). Virus infections leave you susceptible to hacking and cause slow performance.
  • Wiring – Incorrect wiring can cause the network to go down.
  • Power protection – 8 out of 10 businesses do NOT have the proper power protection. Did you know there are 9 Power Problems that can harm your computers and corrupt your data? The risks of not having proper power protection lead to data loss and corruption. If a critical operating system file becomes corrupt, the system will no longer boot properly, which ultimately leads to a crash and an inability to work. Example: a copier sharing the same circuit as the server causes the server to shut down unexpectedly, and critical files that 10 employees were collaborating on are lost forever because last night's backup started at 10pm; all work from 10pm to the time of the crash is gone. Does your server have a dedicated power outlet? Are you protected from all 9 Power Problems?
  • Opportunities – Cloud services that could save your Medical practice 50% or more on IT services. Most 10-employee companies can save $100,000.00 in just 5 years. The savings don’t stop there: they continue on to increase your bottom-line profits. In many cases, this is the equivalent of adding 1 Million in Gross Revenue Sales. How much can your Medical practice save?

Plus, it doesn’t stop there. We will:

  • Identify any IT warning signs that currently exist in your Medical practice environment.
  • Map out a prescription to address those warning signs.
  • Provide you with a “treatment plan” for an IT solution that will assist in your company's business goals and catch any problems before they become disasters.
  • Diagnose any ongoing problems or concerns you have with the computers on your network.
  • Scan for hidden malware, ransomware, viruses, spyware and loopholes in your network security that could allow hackers and other cybercriminals to access your confidential information and cause a HIPAA breach.
  • Check your system backups to make sure they are not corrupted and can be recovered in case of an emergency.
  • Review your network configuration and peripheral devices to ensure that you are getting the maximum performance and speed from your machines.
  • Review your server file logs to look for looming problems or conflicts that can cause unexpected downtime.
  • Check that all security updates and patches are in place.

We’re not looking for challenges.

There are enough challenges in life without seeking them in your Medical practice. Our goal is to simplify things: to determine where you should be focusing your effort, and to make it like shooting a big flopping fish in the bottom of a barrel with a bazooka! Would you like to know the top 3-4 AOHO’s that are putting you at unnecessary risk? Would you like to know how to save $100,000 or more in potential fines from non-compliance with HIPAA?



“Everyone Tells You Different Things, It’s So Confusing!”

“Ugh. I Wish I Did This Earlier!”

… this is a comment a client recently made to me AFTER he had spent $15,000 in hard-core data recovery services, had 216 hours of downtime, paid $25,000 in services to stabilize their network, and endured untold headaches and hair pulling. This could have been avoided by our Four Pillars Security Risk Assessment.




More Case Studies

Medical Practice Spared from Data Erasing Disaster

We did a diagnostic on a similar healthcare company and found that they were at risk for a similar situation. We fixed it. Who knows what other problems were avoided.

Successful Medical Practice Setting Up New Office Saved $334,000:

The client signed on in March 2012 and moved from Florida to NC. They scaled down employees when they moved and didn’t need all the extra computers, saving lots of money on technology and IT support.

Total cost $50,000, savings $334,000 + maintenance and lease. This would not have been possible without our Four Pillars Security Risk Assessment.

