4 Pillars IT Security Assessment - HIPAA
Did You Know That Your Medical Practice Is
Required By Law To Comply With HIPAA?
One of our local medical practices here in Raleigh, NC just lost $750,000. Are you next?
If you haven't done our assessment. You're at risk!
Just appearing to be unnecessarily vulnerable by the OCR, can be catastrophic
Given the very technical nature of this field, and it's constant changing methods of threat, it becomes very obvious that direct help from Craig and his team is the best solution for most of us.
A Must For Any Practice
The Four Pillars Security Risk Assessment gave me all of the information I needed to make informed decisions on how to secure my practice.
-Attorney in Raleigh, NC
I have worked with Petronella to implement EMR (Electronic Medical Records) in the Durham, NC area. He is extremely professional and very knowledgeable.
-EMR Solutions Provider
Craig Petronella, World's Foremost Expert on HIPAA AND Cybersecurity has authored multiple books, including How HIPAA Can Crush Your Medical Practice and Peace of Mind Computer Support. He has spent thirty years advising clients and protecting computer information. Craig makes sure your Medical practice network works when you need it the most, and is a celebrity in his field and hometown.
Craig is frequently quoted in the local Raleigh news and appears on local TV news for his expertise in protecting local businesses and medical practice owners from hackers halfway around the world in places such as Ukraine, Russia, and China. Petronella has been quoted and featured on ABC News North Carolina, CBS News North Carolina, NBC WNCN, Raleigh & Charlotte, NC Time Warner Cable News, PRNews Wire, and Newsobserver.com.
The consequences of NOT being HIPAA compliant can crush a Medical practice putting them out of business. The hefty fines of $50,000 or more per infraction can sky rocket fast.
Raleigh Orthopaedic in Raleigh, NC recently had to pay $750,000 for a HIPAA violation.
Amazon #1 Best Selling Author:
How HIPAA Can Crush Your Medical Practice
|Risk Assessment & Remediation
|Policies & Procedures
Important Policies and Procedures Required by HIPAA
You Need a Business Associate Agreement (BAA) In Addition to:
- Written Information Security Policy
- Disaster Recovery Plan
- Sanction Policy
- Emergency Operations Policy
- Network Security Policy
- Access Control Policy
- Computer Use Policy
- Equipment Disposal Policy
- Termination Policy
- Security Incident Response
- Facility Security Plan
- BYOD Policy
Here are some of the big problems we look for and assess during our analysis:
- Neglected computers, neglected servers – Software updates come out every week and most small Medical practices don’t think they need them. If you don’t it will eventually lead to downtime and a failure. If you don’t do patches you will get hacked. If you don’t do maintenance you’re going to crash. If you don’t keep system clean it will overheat. If you don’t maintain the server it will overheat. If it’s not maintained and cleaned it will overheat. If you’re not on top of the hard drive it will fill up and run out of space. Same thing with a server. – ex. make sure you have the latest java version. Server hosts everything for your company. Ex. 10 user company server goes down & 10 people can’t work. Can’t access client files. Cost is salary per hour x number employees.
- Data backup & disaster recovery – Most companies think they have a good system but when we audit them we find that they don’t. If you’re building burned down today, could you recover? If you were to experience a failure, could you recover? Do you have pictures of your kids on your computer? One woman had 30,000 pictures of her kids, friends, family, trips and cherished moments collected over the years. If she experienced a crash, she could likely lose all of them. Do you want to lose all those pictures and memories? Same with all your important documents.
Plus, it doesn’t stop there. We will:
- identify any IT warning signs that currently exist in your Medical practice environment
- map out a prescription to address those warning signs
- provide you with a “treatment plan” for an IT solution that will assist in your company's business goals and catch any problems before they become disasters
- Diagnose any ongoing problems or concerns you have with the computers on your network.
- Scan for hidden malware, ransomware, viruses, spyware and loopholes in your network security that could allow hackers and other cybercriminals to access your confidential information and cause a HIPAA breach.
- Check your system backups to make sure they are not corrupted and can be recovered in case of an emergency.
- Review your network configuration and peripheral devices to ensure that you are getting the maximum performance and speed from your machines.
- Review your server file logs to look for looming problems or conflicts that can cause unexpected downtime.
- Check that all security updates and patches are in place.
We’re not looking for challenges.
There are enough challenges in life without seeking them in your Medical practice. Our goal is to simplify things. To determine where you should be focusing your effort. To make it like shooting a big flopping fish in the bottom of a barrel with a bazooka! Would you like to know the top 3-4 AOHO’s that are putting you at unnecessary risk? Would you like to know how to save $100,000 or more in potential fines from non-compliance with HIPAA?
“Ugh. I Wish I Did This Earlier!”
… this is a comment a client recently made to me AFTER he had spent $15,000 in hard core data recovery services, had 216 hours of down time, $25,000 in services to stabilize their network and untold headaches and hair pulling. This could have been avoided by our Four Pillars Security Risk Assessment.
Medical Practice Spared from Data Erasing Disaster
We did a diagnostic on a similar healthcare company and found that they were at risk for a similar situation. We fixed it. Who knows what other problems were avoided.
Successful Medical Practice Setting Up New Office Saved $334,000:
Client signed on in March 2012. Moved from Florida to NC. Scaled down employees when they moved. Didn’t need all the extra computers. Saved lots of money on technology and IT support.
Total cost $50,000, savings $334,000 + maintenance and lease. This would not have been possible without our Four Pillars Security Risk Assessment.