Still wondering if you should be concerned with HIPAA

Penalties for Non-Compliance are becoming more common place then ever before

new updates for Hipaa

Drafters have contemplated a tiered system assessing monetary penalties for HIPAA violations

what is your exposure

Consider the case of One of the Largest dental insurers in the country, the data breach of which impacted 9 million people

how big is the impact

Imagine the impact of a cyber attack on your agency like the one that held St Margarets Hospital hostage forcing them to close their doors of multiple facilities, impacting health care and treatment of the entire community of this Chicago Suburb.

are you sure you removed necessary access

Have a disgruntled former employee? A large Oncology group faced scrutiny when a previously terminated employee used her system credentials to access the server and Personal Health Information of her former Employer


What we do

HIPAA Risk is a unique service customizing your organizations compliance strategies to meet your unique needs.

We help management ensure that Covered Entities (CE) and Business Associates (BA) comply with the relevant HIPAA regulations.

HIPAA Risk works with small businesses and organizations that create, receive, maintain or transmit protected health information. We gauge the degree of compliance with HIPAA so we can implement reasonable and appropriate policies and procedures to become compliant.

We advise both covered entities and business associates under HIPAA on all aspects of privacy and security compliance; including policy development and implementation, employee training, risk assessment and internal audits.

The HIPAA Risk four-tiered approach ensures ongoing compliance with HIPAA regulations, adaptation to changing rules and flexibility to adjust to the inevitable growth of your company.

1.      First, HIPAA Risk specialists will meet with your team to adopt appropriate and relevant HIPAA policies. In order to do this we need to truly get to know you and your organizations mission and vision. We will discuss the policies and procedures that are needed to make your organization compliant. We will create and adopt all the policies that are required for HIPAA compliance.

2.      Simultaneously, HIPAA Risk will meet with your staff, Business Associates and Sub-Contractors to discuss HIPAA, complete a HIPAA Risk Assessment, and to complete a vulnerability scan. We will conduct basic HIPAA training and secure acknowledgment from all relevant parties as to their role and obligations under HIPAA.

3.      HIPAA Risk IT specialists will meet with your team, explore the strengths and weaknesses of your current infrastructure and, over the course of multiple sessions, make recommendations on how to bring your organization into compliance. 

4.      Finally, and most importantly, HIPAA Risk will conduct semi-annual reviews to adopt your HIPAA policy to the ever-changing needs of your business. 

Sanctions and Fines

Tier One

A violation that the covered entity or business associate was not aware of, and could not have realistically know was a violation, even with a reasonable policies in place.

  • $100 minimum fine per violation, $50,000 maximum fine (these amounts are actually higher as they are adjusted for inflation)


Tier Two

Category 2: A violation that the covered entity or business associate should have been aware of but could not have prevented even with a reasonable policies in place.

  • $1,000 minimum fine per violation, $50,000 maximum fine (these amounts are actually higher as they are adjusted for inflation)


Tier Three

Category 3: A violation that occurred due to “willful neglect” of HIPAA Rules, in cases where covered entity or business associate has attempted to address the violation within 30 days.

  • $10,000 minimum fine per violation, $50,000 maximum fine (these amounts are actually higher as they are adjusted for inflation)


Tier Four

A violation of HIPAA Rules constituting “willful neglect”, where no attempt has been made to correct the violation in a reasonable amount of time.

  • $50,000 minimum fine per violation (these amounts are actually higher as they are adjusted for inflation)


Moreover, a single breach can involve multiple violations. The total fines can skyrocket to the millions of dollars.  

The way to protect your organization is to start down the path of becoming HIPAA compliant. The first step should be a risk analysis. Reach out TODAY and let us help.