
Stressed about how to achieve HIPAA/HITECH compliance and avoid paying fines?


Worried that you haven't had a Risk Assessment in the past twelve months?


Concerned your Risk Assessment provider doesn't fully understand your business and your network?

The number of data breaches and HIPAA compliance failures within the healthcare industry is consistently increasing. Numerous organizations have been fined for compliance failure as the Office for Civil Rights (OCR) increases its focus on privacy and security. High-profile breaches of patient data (ePHI) have been made public, including the fines levied by the OCR. Examples are Concentra Health Services, fined $1.73 million for a breach affecting 870 individuals, and Cignet Health Center, fined $4.3 million for a breach affecting only 41 individuals. This year, the OCR will utilize the HIPAA audit program to randomly assess healthcare entities and business associates for compliance with the HIPAA privacy, security and breach notification rules.


If you are a healthcare Covered Entity or a Business Associate, you are required by law to comply with the HIPAA/HITECH Act and the HIPAA Omnibus regulations.  Fines and punishments levied by the OCR for breaches can range from $100 to $50,000 per violation and can include up to 10 years in jail.  As part of the regulations, businesses subject to HIPAA/HITECH must conduct a Risk Assessment each year.


Gibraltar provides comprehensive, by-the-regulations compliance software and tools, risk management solutions, education and training, and professional services for organizations needing to understand where their high risks are and what steps they can take to address them.  Our risk management and compliance services enable covered entities and business associates to move towards compliancy with data security laws more efficiently and effectively.


Our HIPAA Risk Assessment addresses three main areas:  technical (IT infrastructure), physical layout and safeguards, and administrative (policies and procedures). The process involves initial data collection, on-site surveys, remote scans on each PC/server, interviews with key staff, and external vulnerability scans.  We are able to help with documentation and remediation of issues found.  


Let Gibraltar be your experienced compliance partner.  As a Business Associate, we have been through the compliance process, and can help our Peace of Mind clients with moving their business towards HIPAA/HITECH compliancy.   Who better to provide these services than your IT provider that knows your business and network inside and out?


The end result?  Increased security and protection of your valuable ePHI.  Lower risk.  Peace of mind.  Contact us today and learn about the Gibraltar difference!


HIPAA Risk Assessments

Areas Covered: Technical (IT Infrastructure); Physical layout and safeguards; Administrative (Policies and Procedures)

The Process: Initial data collection and on-site surveys; PC/server and external vulnerability scans; Interviews with key staff

The Gibraltar Difference: Remediation of issues; Avoid OCR fines; Move towards HIPAA/HITECH compliance
