In certain industries there are many requirements for network and data security. For example in the health care industry for offices that store and transmit Electronic Patient Health Information (e-PHI) HIPAA has establish "Safeguards" that must be in place in order to protect that sensitive information. These "Safeguards" include how the data is handled when at rest (stored), or while in transit. There are additional requirements for the devices that reside on that network infrastructure. Like authentication methods and auditing, patch management, security awareness training for end users, and periodic Vulnerability Scans on the network to check for holes that cyber criminals can squeeze through. 

https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

  We can take some of the guess work out of what you need to be compliant in most industries. We also can be the one stop shop to get you what you need to stay compliant. We understand that the costs for noncompliance can be very difficult to deal with.  

https://www.hipaajournal.com/noncompliance-with-hipaa-costs/

Tier 1

Unaware of HIPAA violation and by exercising reasonable due diligence would have known HIPAA rules had been violated. 

 

Cost: $100 - $50,000 per violation and a maximum of 1.5 Million per year.  

Tier 2 

Reasonable cause that the covered entity knew about or should have known about the violation by exercising due diligence

Cost: $1000 - $50,000 per violation and a maximum of 1.5 Million per year. 

Tier 3

Willful neglect of HIPAA Rules with the violation corrected in the next 30 days of discovery. 

Cost: $10,000 - $50,000 per violation and maximum of 1.5 Million per year. 

Tier 4

Willful neglect of HIPAA Rules and no effort made to correct the violation within 30 days of discovery. 

Cost: $50,000 per violation and maximum of 1.5 Million per year. 

servicesolutions_securityx350.jpg