Every year millions of doctors around the country submit Security Risk Assessments to their EMR in order to be considered "HIPAA compliant". Are they really compliant, though? Have all of these private practices really taken every step possible to ensure that they are HIPAA compliant to the fullest, and if they were ever to experience a breach of HIPAA-protected information, would they be fully protected from fines adding up to millions of dollars?

Zekteck performs an assessment alongside private practice owners, managers, and staff in order to find the gaps that exist between their current status of HIPAA compliance and what qualifies as being fully HIPAA compliant.

Why perform an assessment?

Part of HIPAA compliance is completing an annual security risk assessment. This is often accomplished by completing the SRA tool provided by HHS. How accurately is it being filled out, though?

Here are examples of medical practices that were providing an annual risk assessment to their EMR and still incurred thousands, or even millions, of dollars in fines:

Dentist Divulges PHI

A private dental practice was fined a reduced amount of $10,000 for disclosing PHI on social media. This could have been prevented by training employees on security practices every year. See the press release here.

Allergy Clinic Alerts Press

An allergy practice was fined $125,000 for disclosing patient information to a reporter. See the press release here.

Hospital Keeps Accounts

A hospital was fined $111,400 for not removing a terminated employee's access. Access management is a crucial part of remaining HIPAA compliant. See the press release here.

No Business Associate Agreements

Center for Children's Digestive Health was fined $31,000 for not having a Business Associate Agreement in place. See the press release here.

The above cases only represent the fines for smaller practices. Larger organizations are often fined millions of dollars; one of the biggest fines, $16 million, was associated with the Anthem breach.

These cases also only represent the fine owed to the Office for Civil Rights and HHS. They do not account for the cost of the corrective action that is mandated in order to stay in business, which could range anywhere from $10,000 a year to a few million dollars a year.

Provided by the HIPAA Journal.

The way this assessment works

  1. The private practice will provide Zekteck with the most recent Security Risk Assessment (SRA) that was submitted to the EMR.
  2. Zekteck will perform, with the private practice owner, managers, and staff, a new SRA with a more investigative approach than the one being performed every year.
  3. Zekteck will perform an analysis of the two SRAs.
  4. Gaps and recommendations will be presented to the private practice and their team.
