HIPAA for Small Practices 2017-11-17T12:12:13+00:00

HIPAA and Cyber Security for Small Practices

Meet Deborah.

Deborah runs a small practice in the Pacific Northwest.

On the surface, her practice is pretty simple. She has a couple of laptops, a part-time office manager, and a shredder. She’s careful about what she emails, what she faxes, and where she stores healthcare data. She has a new patient form and a HIPAA Notice of Privacy Practices.

HIPAA is frustrating

Deborah was frustrated, though. She wasn’t sure if her computers were safe and HIPAA compliant. Or if her email was set up the right way. She was spending too much time researching the right way to tackle HIPAA and cyber security. That’s time that she should have spent with her patients and her family.

Here’s how Deborah explained it:

“I find it difficult to keep up with the ever changing HIPAA regulations. After spending hours on my own research, I was more confused about who to trust and what to do.”

Focus on Your Patients and Your Practice

Deborah is like many of the small practices we meet. They’re busy enough caring for patients, trying to get paid, and keeping up with the crazy changes to healthcare regulations. They don’t have time to become experts on cyber security and HIPAA compliance.

Computer security is a lot like medicine. It’s a complex, ever-evolving area. It requires a level of expertise that’s hard to get from part-time Internet research.

The stakes are way too high

You’ve worked too hard to build a business and a reputation. Why risk it all over something silly like not setting up your computers the right way?

Unfortunately, the risks are very real. According to Symantec, almost half of cyber attacks are focused against small businesses.  The days of being “too small to attack” are over.

Of course, you already know this if you follow the news about ransomware.  These attacks are sweeping the globe.

Here’s what has happened to other companies who have messed this up:

1) They were fined.  A LOT.

Fines as high as millions of dollars

2) They’re on the HIPAA Wall of Shame.

From the HHS website

3) They had to tell patients and the media.

It’s embarrassing

4) Some of them lost it all.

Your bank accounts can be drained during a hack

How We Helped Deborah

We spent about an hour with Deborah. We did a thorough review of her:

  • Email Setup
  • Computer Setup and Configuration
  • Computer Security Programs
  • Mobile Phone and Tablet
  • EMR system
  • Credit Card System
  • Fax System
  • Website

Our process is very much like a new patient intake. We:

  • do a series of exams and tests,
  • make sure to answer your questions,
  • make quick-fix changes along the way, and
  • at the end, we’ll tell you exactly what you need to be safe, secure, and HIPAA compliant.

During our time with Deborah, we definitely found urgent issues that needed to be fixed.  In fact, we almost always find urgent issues in these reviews.  Most people don’t realize it, but their computers are usually wide-open to attackers.

Many of these issues were fast to fix, and we did it right away during our call. For others, we gave Deborah a detailed report with options and instructions.

Deborah was pretty happy with the end result. Here’s what she had to say:

“In about an hour of one-on-one time, my computer and communication systems had become HIPAA compliant. I highly recommend Adelia Risk for small medical practices that are looking for an easy way to ensure safe computing and HIPAA compliance.”

Dangerous Assumptions

Sometimes we meet companies who make dangerous assumptions.  They think they’re already protected because:

  1. “I have a HIPAA policy, so I’m all set.”  A piece of paper does almost nothing to keep your practice safe.  The truth is that most companies with a HIPAA or Security policy probably aren’t following it.  The policy is meant to be a starting point, not the final solution.
  2. “My IT guys keep me safe.”  Possibly, but most IT companies focus on user support and fixing things that are broken.  More often than not, they are not doing everything they should to keep you safe, nor do they have expertise in HIPAA.  In fact, some IT companies hire us to come help them make sure everything is set up the right way.
  3. “My EMR is safe and HIPAA-compliant, so I’m safe and HIPAA-compliant.”  This is only true if you never store PHI outside of your EMR.  No emails.  No faxes.  No scanned in documents.  No notes.  If PHI exists outside of your EMR, you need to make sure you take the right steps to keep it safe.

Making these assumptions is a sure-fire way to increase your risk of breach or hacking attack.

How We Make You Safer

We’ll make sure you’re set up the right way to cut the risk of a HIPAA violation or a data breach.

In about 60 – 90 minutes, we’ll do a web-based review of your practice.  We’ll look at your:

  • computer settings,
  • communication systems,
  • security practices, and
  • procedures that you follow in your practice to keep yourself and your patients safe.

As with Deborah, we’ll make quick fixes along the way.

If there are things that we can’t fix right away, we’ll give you clear guidance on what you need to do.

At the end, you’ll get a detailed report (pictured at right).  It includes screenshots, recommendations, helpful links, and a summary of everything we discussed.

Reports are typically 8-15 pages long.

The good news?  HIPAA requires you to do a regular “risk assessment” against your business — here’s the quote from HHS:

[Image: excerpt from the HHS Guidance on Risk Analysis]

That’s exactly what we’re doing!

Pricing

The price for the HIPAA and Cyber Security review is:

$349

We accept all major credit cards.

First 30 Minutes Free

Not sure if the HIPAA and Cyber Security review is right for your practice?

We offer a risk-free way to try it out.

For a limited time, we’re offering the first half hour of our HIPAA and Cyber Security review for free.

Schedule a 30-minute time to get started.

IMPORTANT: This is not a sales call!  We follow the exact process we use during the first 30 minutes of our paid reviews.  We will tell you specific, actionable things you can do right away to improve your security.  At the end of the 30-minute session, we will ask you if you want to stop or continue.  If you choose to continue, we will book the remaining time, bill you, and prepare your final report.

Testimonials

“As a nursing service specializing in prescription management, we handle ePHI for multiple practices.  We need to be able to prove that we are HIPAA-compliant and safer than the medical practices we serve.  Adelia Risk did a thorough review of all of our systems and computers, and helped us to put in place all of the right security settings.  They also recommended other reputable services that are safe and HIPAA-compliant, including setting us up with a secure version of Google’s G Suite so we can securely send and receive emails from patients, other practices, and insurance companies.  I highly recommend working with Adelia if you want to make sure your company is safe, secure, and HIPAA-compliant.” — Jennifer C., PR NRX Solutions, Northern CA

“I find it difficult to keep up with the ever changing HIPAA regulations. After spending hours on my own research, I was more confused about who to trust and what to do.  In about an hour of one-on-one time, my computer and communication systems had become HIPAA compliant. I highly recommend Adelia Risk for small medical practices that are looking for an easy way to ensure safe computing and HIPAA compliance.” — Deborah, Practice Owner, Pacific Northwest US

Adelia Risk – As Featured In

Healthcare IT News

Dark Reading

In the past year, 51,110 people from all 50 states turned to Adelia Risk for cyber security and HIPAA expertise.