Transform Customer Experience with Virtual Agents + Data + AI — Discover Now

HIPAA Compliance
& Assessment

"Even though compliance with the standards of HIPAA Security Rule has been required for 14 years, the specifics on how to comply are still widely misunderstood in the industry."

Adam Kehler - Director, Risk, Security
and Privacy Healthcare Services

The number of breaches goes up year after year, in 2018 there were 365 breaches of more than 500 records affecting a total of 13,236,569 patients.

Can you afford to take chances with you customer's data?

In the United States, compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased the burden on healthcare providers, payers, clearinghouses, and business associates to protect their information.
In Canada, organizations must wade through a mixture of provincial and federal Privacy and Security legislations.

When factoring in the cost and reputational impact of breaches and large fines, everyone is feeling the impact.

With the average breach exposing 1.3M people, you need to take every necessary precaution to protect your organization and consumers.
The Healthcare industry, on average, underspends on cybersecurity compared to other industries but the black-market value is a record high – it’s no wonder why cybercriminals are focusing their efforts and increasing their sophistication with each attack.

Our Healthcare service provides you with an in-depth administrative, physical, and technical review of your current security posture.

Learn About HIPAA Services at Online

Information security provides the basis for trust in the healthcare industry. A growing barrage of headlines about the most recent breaches indicate that health systems, healthcare providers, and service providers are losing the battle to protect their Clients’ health information.

Online Business Systems has 20-years of experience within the healthcare industry and over 20-years of experience in the security arena.
We’re working alongside healthcare providers to create sustainable information security governance programs and perform healthcare InfoSec risk assessments.

Show me more

Start at Step One with a Threat-Based Risk Analysis

Understanding the security risks facing your organization is no longer optional. But where to start? We believe that Threat-Based Risk Analysis must be done in context to each organization which starts by clearly agreeing on the purpose, scope, assumptions, and constraints
of the engagement.

Our approach to security risk analysis goes beyond adherence
to the HIPAA Security Rule. We identify realistic threats to the organization’s information and systems.

show me more

CASE STUDY: Rural Hospital Passes HIPAA Audit

Online’s Security Risk Assessment and HIPAA Compliance services assisted a rural hospital pass a HIPAA Audit with flying colors. As a rural 98-bed hospital in Northeast Pennsylvania, the organization had limited resources to dedicated to security and compliance, but Online’s assistance helped demonstrate their dedication to HIPAA Security Rule Compliance.

Show me more

CASE STUDY: Digital Health Company Benefits From Approach to Security Risk Assessment

Online was engaged by a large digital health company to conduct a Security Risk Assessment for HIPAA compliance. The organization provides a digital platform that is accessed by more than 45 million consumers for more than 200,000 employers and health plans.

Working with Online, the digital health company met their compliance requirements, benefited from a value-driven assessment, and enabled the CISO to directly report risk to the executive committee in a way that was understood from a business requirement perspective.

show me more

Security Beyond Compliance

Achieving HIPAA compliance is only the first step in developing a 360 degree security approach.

Our Risk, Security and Privacy (RSP) team is committed to delivering right-sized security and helping our Clients create and manage cost-effective and risk effective information security programs.

Show me more


BLOG: Top 5 Signs you Need a Virtual CISO

Many organizations don't have the internal capabilities to know how to comply with all the HIPAA Privacy and Security Rules, State Laws, and cyber insurance policies in existence, and don't have the budget to hire an expert in this field.
This is where a vCISO, or virtual Chief Information Security Officer may be able to help.

Keep reading
BLOG: Healthcare & Security:
In Changing Times

Many healthcare organizations find themselves working through the challenges of a new delivery process for healthcare, in the face of today's realities. Our Risk, Security and Privacy team recorded the following segments addressing some of the questions and concerns they have received from our healthcare Clients and partners.

Keep reading




Risk, Security and Privacy Healthcare Services

Let's Talk


Managing Director,

Risk, Security and

Let's Talk

Learn more about
Strategy & Roadmap
services at Online


Learn more about
Digital Studio
services at Online


Learn more about
RSP Health
services at Online