HIPAA Security Consulting

Risk Evaluation and Documented Computer Security for your Healthcare or Dental Practice

We Help with HIPAA

HIPAA Security Consulting can assist your health care practice by performing a risk analysis audit, implementing necessary security measures, and providing ongoing scheduled updates to ensure that your technology is in compliance. We also provide documentation of your systems that can establish proof of compliance with HIPAA regulations.

Contact us for additional information including a risk audit specifically for your practice.


The protection of patient health information falls under two congressional acts: the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Most of the data protection rules come from HIPAA; HITECH strengthened their enforcement and extended the Security Rule requirements directly to your practice's business associates. Typically everything is simply referred to as HIPAA in the interest of brevity.

Further Information

View the full text of HIPAA and HITECH through these links:


HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA), through its Security Rule, establishes administrative, physical, and technical safeguards for electronic Protected Health Information (e-PHI). It sounds straightforward, yet with changing technology, compliance has become a moving target.

Proof of compliance requires two basic elements:

1. Risk Analysis
2. Documented and Implemented Policies and Procedures

A Risk Analysis is an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the e-PHI your practice creates, receives, maintains, or transmits, followed by the selection of security measures to reduce those risks to a reasonable and appropriate level. Those measures must then be fully carried out and documented, and the analysis and documentation must be revisited at appropriate intervals or whenever your practice or its technology systems change.

HIPAA Enforcement and Penalties

Potential HIPAA violations may be uncovered by a compliance review of your organization or may be the result of an investigation following a complaint made to the Dept. of Health and Human Services Office for Civil Rights (OCR) about your organization's practices.

Civil penalties are imposed in four tiers. The tier is determined by the organization's level of culpability (what it knew, and whether the violation was due to willful neglect); the amount within a tier reflects factors such as the number of e-PHI records affected, the kinds of records affected, and the harm caused. The following penalties may be assessed:

Level 1: $100 to $50,000 per violation, up to $1.5 million per calendar year for violations of an identical provision. The covered entity did not know and, by exercising reasonable diligence, would not have known that the violation occurred.

Level 2: $1,000 to $50,000 per violation, up to $1.5 million per calendar year. The violation was due to reasonable cause and not willful neglect.

Level 3: $10,000 to $50,000 per violation, up to $1.5 million per calendar year. The violation was due to willful neglect and was corrected within 30 days of the date the entity knew, or should have known, of it.

Level 4: $50,000 per violation, up to $1.5 million per calendar year. The violation was due to willful neglect and was not corrected within 30 days.

These are the statutory figures; the amounts are adjusted annually for inflation.


© 2019 HIPAA Security Consulting
A wholly owned subsidiary of The MacSmith

The information provided using this website is only intended to be general summary information to the public. It is not intended to take the place of either the written law or regulations.