We’ve all seen the splashy headlines.

Anthem pays OCR $16 Million in record HIPAA settlement following largest health data breach in history

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/anthem/index.html

Health Insurer (Premera Blue Cross) Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People

Link to Archived HHS Site

Orthopedic Clinic Pays $1.5 Million to Settle Systemic Noncompliance with HIPAA Rules

Link to Archived HHS Site

It’s no secret that the healthcare industry is under attack by cybercriminals, bad actors internally, and myriad other threats both seen and unseen. In fact, a recent cybersecurity study found that 94% of surveyed healthcare providers have been the victim of some kind of breach or cyber attack.

If you’re a healthcare provider, you may see these headlines and think “that’ll never happen in MY practice.” But a quick review of the data published by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) shows that even small-to-medium sized healthcare organizations are at risk.

Health Care Provider Pays $100,000 Settlement to OCR for Failing to Implement HIPAA Security Rule Requirements

Link to Archived HHS Site

The above incident, which happened in 2013 and was settled with OCR at the beginning of March 2020, was a single-doctor practice. Looking further into the data, it is apparent that security breaches affect practices of ALL sizes. And for those small practices, a hefty fine from OCR could very well shutter the practice, placing the patients of that practice at risk not only concerning the breach but at risk of no longer having their doctor available since the doctor paid such a large fine that it caused the office to permanently close.

Make no mistake: EVERY organization that is subject to the HIPAA and HITECH Acts is at risk of a breach of electronic personal health information (ePHI). From the data we reviewed for the years 2015 through 2021, the average fine is over $1.3 million.


This should worry every individual responsible for the proper storage, transmission, and maintenance of ePHI. The good news, however, is that Axeleos offers a comprehensive security & audit engagement that’s focused solely on the medical industry.

Our information security consultants are subject-matter experts in the various Rules and Safeguards contained in the HIPAA Omnibus Rule, which contains an extensive list of compliance requirements to maintain a proper information security posture. Check out our comprehensive overview of HIPAA, HITECH, and the Rules here.

Historically, the medical industry has been one of the least-secure industries vis-a-vis information and cyber security. At Axeleos, we’re passionate about helping the members of this industry achieve true and proper compliance and adequately secure their patients’ ePHI.


How Does the Engagement Work?

We offer three different tiers of our security & audit engagement.

Basic Security & Audit AssessmentIn-Depth Security & Audit AssessmentComprehensive Security & Audit Assessment
Basic scan of all workstations, laptops, and serversA full scan of all workstations, laptops, and serversA full scan of all workstations, laptops, and servers
Review of existing security controlsReview of existing security controlsReview of existing security controls
A full report detailing all vulnerabilities and other security-related issues uncovered during the assessmentA full report detailing all vulnerabilities and other security-related issues found during the assessment along with details on how to remediate those findings.A full report detailing all vulnerabilities and other security-related issues found during the assessment along with a comprehensive plan of action on how to remediate those findings.
Review of existing policies & procedures along with a full report of recommended changes to existing policies and procedures to HIPAA standardsOver 50 policies and procedures customized for your practice that adhere to HIPAA standards
Provide a full end-user security training & awareness covering all required training elements per HIPAAProvide full end-user security training & awareness covering all required training elements per HIPAA.  We will hold one (1) live online training session with your staff.
Ongoing engagement to remediate or mitigate all security issues identified in our assessment.

Our engagements start at $7,500. Every engagement is backed by our 100% guarantee that your practice will have the tools needed to identify gaps in your security posture.

Don’t let insufficient security practices and poor policies and procedures subject you and your patients to the stress of dealing with the fallout of a breach and subsequent investigation by OCR. The true cost of a breach goes well beyond any fine levied by OCR.

Contact Axeleos today, and let us help you secure your environment, your patients, and your reputation.