HIPAA Compliance & Assessment

"Even though compliance with the standards of HIPAA Security Rule has been required for 14 years, the specifics on how to comply are still widely misunderstood in the industry."

Adam Kehler - Director, Risk, Security and Privacy Healthcare Services

The number of breaches goes up year after year. In 2018 there were 365 breaches of more than 500 records, affecting a total of 13,236,569 patients.

Can you afford to take chances with your customers' data?

In the United States, compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) has increased the burden on healthcare providers, payers, clearinghouses, and business associates to protect their information. In Canada, organizations must wade through a mixture of provincial and federal privacy and security legislation.

When factoring in the cost and reputational impact of breaches and large fines, everyone is feeling the impact.

With the average breach exposing 1.3M people, you need to take every necessary precaution to protect your organization and consumers. The healthcare industry, on average, underspends on cybersecurity compared to other industries, but the black-market value is at a record high – it’s no wonder cybercriminals are focusing their efforts and increasing their sophistication with each attack.

Our Healthcare service provides you with an in-depth administrative, physical, and technical review of your current security posture.


Learn About HIPAA Services at Online

Information security provides the basis for trust in the healthcare industry. A growing barrage of headlines about the most recent breaches indicates that health systems, healthcare providers, and service providers are losing the battle to protect their Clients’ health information.

Online Business Systems has 20 years of experience within the healthcare industry and over 20 years of experience in the security arena. We’re working alongside healthcare providers to create sustainable information security governance programs and perform healthcare InfoSec risk assessments.


Start at Step One with a Threat-Based Risk Analysis

Understanding the security risks facing your organization is no longer optional. But where to start? We believe that Threat-Based Risk Analysis must be done in the context of each organization, which starts by clearly agreeing on the purpose, scope, assumptions, and constraints of the engagement.

Our approach to security risk analysis goes beyond adherence to the HIPAA Security Rule. We identify realistic threats to the organization’s information and systems.


CASE STUDY: Rural Hospital Passes HIPAA Audit

Online’s Security Risk Assessment and HIPAA Compliance services helped a rural hospital pass a HIPAA Audit with flying colors. As a rural 98-bed hospital in Northeast Pennsylvania, the organization had limited resources to dedicate to security and compliance, but Online’s assistance helped demonstrate their dedication to HIPAA Security Rule Compliance.


CASE STUDY: Digital Health Company Benefits From Approach to Security Risk Assessment

Online was engaged by a large digital health company to conduct a Security Risk Assessment for HIPAA compliance. The organization provides a digital platform that is accessed by more than 45 million consumers for more than 200,000 employers and health plans.

Working with Online, the digital health company met their compliance requirements, benefited from a value-driven assessment, and enabled the CISO to directly report risk to the executive committee in a way that was understood from a business requirement perspective.


Security Beyond Compliance

Achieving HIPAA compliance is only the first step in developing a 360-degree security approach.

Our Risk, Security and Privacy (RSP) team is committed to delivering right-sized security and helping our Clients create and manage cost-effective and risk-effective information security programs.

OUR THINKING

BLOG: Top 5 Signs you Need a Virtual CISO

Many organizations don't have the internal capabilities to know how to comply with all the HIPAA Privacy and Security Rules, State Laws, and cyber insurance policies in existence, and don't have the budget to hire an expert in this field. This is where a vCISO, or virtual Chief Information Security Officer, may be able to help.

BLOG: Healthcare & Security: In Changing Times

Many healthcare organizations find themselves working through the challenges of a new delivery process for healthcare, in the face of today's realities. Our Risk, Security and Privacy team recorded the following segments addressing some of the questions and concerns they have received from our healthcare Clients and partners.

CONNECT WITH OUR TEAM


ADAM KEHLER
Director, Risk, Security and Privacy Healthcare Services

ROB HARVEY
Managing Director, Risk, Security and Privacy