PCI Compliance and Assessment, Third-Party Risk Assurance, Risk & Privacy Readiness Assessment and Remediation, Compliance and Assessments: ISO, NIST, SOC, GDPR
"Even though compliance with the standards of HIPAA Security Rule has been required for 14 years, the specifics on how to comply are still widely misunderstood in the industry."
Adam Kehler - Director, Risk, Security
and Privacy Healthcare Services
In the U.S., HIPAA and HITECH enforce strict data security standards, while Canadian providers navigate federal and provincial privacy laws. Despite these measures, healthcare remains a prime target for cybercriminals, with breaches averaging 89,000 records in 2023. Underinvestment in cybersecurity compared to other industries leaves sensitive data exposed
Breaches bring escalating costs, reputational risks, and increased scrutiny. Our healthcare services offer a detailed review of administrative, physical, and technical safeguards. By enhancing compliance, securing sensitive data, and addressing vulnerabilities, we help your organization stay protected against evolving cyber threats and maintain stakeholder trust.
Information security provides the basis for trust in the healthcare industry. A growing barrage of headlines about the most recent breaches indicate that health systems, healthcare providers, and service providers are losing the battle to protect their Clients’ health information.
We’re working alongside healthcare providers to create sustainable information security governance programs and perform healthcare InfoSec risk assessments.
Understanding the security risks facing your organization is no longer optional. But where to start? We believe that Threat-Based Risk Analysis
must be done in context to each organization which starts by clearly agreeing on the purpose, scope, assumptions, and constraints
of the engagement.
Our approach to security risk analysis goes beyond adherence
to the HIPAA Security Rule. We identify realistic threats to the organization’s information and systems.
Online’s Security Risk Assessment and HIPAA Compliance services assisted a rural hospital pass a HIPAA Audit with flying colors. As a rural 98-bed hospital in Northeast Pennsylvania, the organization had limited resources to dedicated to security and compliance, but Online’s assistance helped demonstrate their dedication to HIPAA Security Rule Compliance.
Online was engaged by a large digital health company to conduct a Security Risk Assessment for HIPAA compliance. The organization provides a digital platform that is accessed by more than 45 million consumers for more than 200,000 employers and health plans.
Working with Online, the digital health company met their compliance requirements, benefited from a value-driven assessment, and enabled the CISO to directly report risk to the executive committee in a way that was understood from a business requirement perspective.
Achieving HIPAA compliance is only the first step in developing a 360 degree security approach.
Our Risk, Security and Privacy (RSP) team is committed to delivering right-sized security and helping our Clients create and manage cost-effective and risk effective information security programs.
