
HIPAA One Releases Privacy Risk Analysis

After releasing the HIPAA One Security Risk Analysis, we received exceptional feedback on the product and on how much our clients appreciated the simplicity and automation it provides. We have been committed to expanding our solutions and adding products to be “all things HIPAA”. With the launch of the Privacy Risk Analysis, we now offer a full suite of products to address all citations and requirements related to HIPAA Security, Privacy and HITRUST.

Having implemented and performed the HIPAA One Security Risk Analysis at over 2000 locations, we know the importance of having a cloud-based process that is easy to understand and allows collaboration among different departments.   Furthermore, our Privacy Analysis, like our Security Risk Analysis, is offered in three different levels of engagement to meet the needs of not only the large practices, but also the small health and dental practices.

With the rise in hacking and breaches, our goal is to provide timely solutions to clients to ensure the patient information they keep is safe and secure. Furthermore, the OCR is accelerating the frequency and number of audits; with HIPAA One solutions, you are guaranteed to pass.


HIPAA One partners with athenahealth


Lindon, UT – August 28, 2015 HIPAA One, a provider of HIPAA Security and Privacy Compliance software, today announced that it has partnered with athenahealth, Inc. through athenahealth’s More Disruption Please (MDP) program, making HIPAA One part of the athenahealth Marketplace offerings. Together, the companies will work to link athenahealth’s growing network of more than 67,000 healthcare providers with the capabilities of HIPAA One to make healthcare providers more successful, profitable, and responsive to patient needs.

“HIPAA One delivers a powerful tool for Covered Entities and Business Associates,” said Steven Marco, President of HIPAA One. “We have disrupted the HIPAA Audit space by automating 78% of the mundane, labor-intensive and error-prone activities of the risk analysis and documentation. Thousands of sites are already using HIPAA One. Through our partnership with athenahealth, we can leverage our experience in HIPAA compliance and help athenahealth clients more easily identify real risk to their organizations, reduce costs and make the sometimes intimidating process of responding to an audit as simple as clicking the “download report” button. We guarantee HIPAA compliance with the Security Rule when using HIPAA One and will be offering discounted pricing for athenahealth providers.”

athenahealth is a cloud-based services company with a vision to build an information backbone to help make health care work as it should. Through the MDP program, athenahealth is accelerating high-value innovation via the cloud, offering new services to help providers thrive in the face of industry change and pressure.  MDP partners with innovators, entrepreneurs, companies, and individuals who are passionate about disrupting established approaches in health care that simply aren’t working, aren’t good enough, or aren’t advancing the industry.

To learn more about athenahealth’s MDP program and partnership opportunities please visit

About HIPAA One

We work tirelessly to provide the best HIPAA compliance software and professional services in the industry. HIPAA One® is owned by Modern Compliance Solutions, which also provides the professional services, and was designed from the ground up to be the most simple, automated and affordable solution.

Our goal is to establish long-term relationships with our clients and partners and to be “everything HIPAA” under one roof: the resource for seasoned audit professionals looking for 3rd party assurances and for those who seek a solid foundation in HIPAA Compliance for their organizations.

To learn more about HIPAA One, please visit

Contact Info

Bobby Seegmiller



HIPAA One 2.0 Security Risk Analysis Update Delayed

Although the HIPAA One 2.0 update delay may be disappointing, the story is reassuring. Steven Marco, President of Modern Compliance Solutions, Inc., today announced, “Our simplified HIPAA Security Risk Analysis solution has been geared towards small clinics and Critical Access Hospitals and could not scale up. Our “Turbo-Tax”-like, step-by-step solution is designed to handle organizations’ complex political and GRC relationships like HITRUST or Archer. We will release HIPAA One after completing testing of all the new features and utilities requested by our satisfied client base – which have responded to OCR audits, and most have responded to Meaningful Use Compliance Audits in the past 3 months – all successfully. Our new target release date is Valentine’s Day, February 14, 2014.”

Send any questions about how HIPAA One®’s distilled workflow matches NIST SP800-30 – the only “suggested” methodology of the Office of Civil Rights Guidance on HIPAA Security – for HIPAA enforcement – to, call 801-770-1199.

HIPAA One 2.0 Security Risk Analysis Solution Software Update Announcement – More Simple, Automated and Affordable Than Ever

HIPAA One unveiled an update to its popular HIPAA Security Risk Analysis solution on Tuesday at the company’s headquarters in Lindon, UT.

HIPAA One announced today the release of HIPAA One 2.0, the simple, automated and affordable alternative to the complex and time-consuming HIPAA Security Risk Analysis tools and spreadsheets on the market today, usable by people with or without a security background. To address anxiety in dealing with HIPAA requirements, HIPAA One 2.0 facilitates a “Turbo-Tax”-like guided step-by-step process, making the process easier and more basic. Some small clinics are reporting completing their HIPAA Security Risk Analysis and Assessment in as little as one day using HIPAA One. Hospitals are reporting success in measuring compliance on a per-location basis for clinics and affiliates.

Steven Marco, President of HIPAA One, states, “We have had excellent adoption of our HIPAA One Security Risk Analysis solution in 2013, and are reinvesting our successes into features for our users, the healthcare industry, to offer peace of mind they are doing the right thing when it comes to securing their patients’ identities. We guarantee compliance with Meaningful Use to protect CEHRT data requirements when using HIPAA One.”

New features of HIPAA One 2.0 include:

  1. Executive dashboards for remediation tracking progress.
  2. Added subjective “Risk Remediated” check-box for remediation plan updates.
  3. Parent-Child relationship for regional and affiliated Clinic and Hospital organizations.
  4. Import/convert historical HIPAA One® Risk Analysis data for simple Risk Analysis updates.
  5. ePHI System Administrator role added to better handle multi-ePHI system environments.
  6. Can marry ePHI System to existing or new location – avoiding redundant questions.
  7. Improved workflow for cloud or hosted systems.
  8. Compliant with Meaningful Use Stage 2 (CM 7/9 for EH/EP)
  9. Added ASTM_E2147-01, and 45 CFR 170.314(d)(4), (d)(2), (d)(3), (d)(7), (d)(1), (d)(5), (d)(6), (d)(8), & (d)(9).
  10. Automated Shopping cart functionality for customized product quotes.

Original release found on PRWeb.

Adult & Pediatric Dermatology Fined $150,000 For Lost Thumb Drive

Recently a dermatology practice learned that something so small could be very costly.

Adult & Pediatric Dermatology, P.C., of Concord, Mass., lost a thumb drive, which doesn’t seem like a huge deal except that the thumb drive was unencrypted and contained the electronic protected health information of about 2,200 individuals.

The US Department of Health and Human Services Office for Civil Rights received a report that the thumb drive was stolen from an APDerm employee’s vehicle and never recovered. After conducting its investigation, OCR and APDerm agreed to a $150,000 penalty. APDerm received this HIPAA penalty not only because it lost the thumb drive but also because the dermatology practice had neither identified it in a HIPAA risk analysis nor managed the risk so that its patients’ data was protected.

Besides paying the $150,000, APDerm was given a corrective action plan that requires it to develop a risk analysis and management plan that addresses and alleviates any security risks and vulnerabilities, and it must give OCR an implementation report once the plan is completed.

There are three ways this practice could have prevented this from happening:

  1. Don’t put your protected data onto a remote or portable device since those can be easily lost or stolen. Use a secure remote access tool if you need the information outside of your office.
  2. Encrypt all of your data to protect your patients and your practice. Use encryption for all devices, portable and stationary.
  3. Have a risk analysis done by a professional. It’s cheaper to hire a professional to do the analysis for you than to do it yourself and risk receiving a HIPAA penalty.

If you’re a healthcare provider, be sure to follow these steps. If not, you risk following in the footsteps of APDerm and costing your practice lots of money and time, as well as your reputation, from something as small as a thumb drive.


Idaho State University Settles HIPAA Security Case For $400,000

According to the Department of Health and Human Services (HHS), Idaho State University has agreed to pay $400,000 to HHS for violations of the HIPAA Security Rule. The settlement was reached after the health records of 17,500 patients of an ISU clinic were compromised. You can read more about it here.

The Office for Civil Rights (OCR) opened an investigation after ISU notified HHS that its server firewall was disabled. Through its investigation, the OCR found that ISU did not apply proper security measures and policies, all of which could have been avoided by consulting with a HIPAA security consultant and by executing routine HIPAA security audits.

This isn’t the first time a well-known university has been penalized for a health data breach; we wrote about Indiana University and its breach in another post that you can find here.