FAQ 2018-01-24T21:28:27+00:00

Frequently Asked Questions

I am a health care provider and I use outside attorneys for several actions related to my practice. Do I have any exposure or expectations of my attorney's obligation to comply with HIPAA and HITECH?

If your attorney is provided access to your patients' Protected Health Information (PHI), then they are considered a Business Associate under the regulations. You should have them sign a Business Associate Agreement prior to providing them any PHI. (McCahon Law is experienced in the preparation of these agreements and can be of assistance. See www.mccahonlaw.com.)


I am a health care provider with a small practice. How can OMEGA help improve my organization's cybersecurity, including compliance with HIPAA and HITECH?

OMEGA is well versed in the privacy and security mandates of HIPAA and HITECH. We have advised and serviced covered entities ranging from hospitals to small organizations consisting of a few staff members. We will ensure that your systems, including your communication and storage practices, are compliant with these standards. We will also provide policies, procedures and staff training to further enhance your organizational compliance.

I am a contractor with the Department of Defense. What will happen if I am not compliant with the information security mandates of DFAR 7012 by December 31, 2017?

The government will not be sending auditors to inspect your security systems. Rather, the government requires you to have a compliant security plan in place and to confirm that fact. If you inform the government in your response to the proposal that you have not complied, your offer will be discarded as non-responsive. If you certify that you have a plan in place but do not, then you can be liable criminally and civilly under the False Claims Act. OMEGA can assist in the preparation of your security plan as mandated by DOD.

I have a company that provides services to the U.S. Government. Do I have any obligations relative to my organization's cybersecurity?

Yes. You will have the obligations set forth in your contract with the government. If you contract with the Department of Defense, you will also be required to be compliant with Defense Acquisition Regulation DFAR 7012 by December 31, 2017.

I am a practicing attorney. What exposure do I have if someone gains access to my client files?

As an attorney, you have an obligation to maintain the confidences of your client communications and files. If a breach occurs, you have reputational risk exposure for your firm. You also have legal risk exposure if you did not take reasonable measures to prevent the breach. Finally, you may be at risk of administrative action by the bar, depending on the circumstances of the breach.

I am a lawyer practicing in Missouri and I represent a health care provider in a few matters. I know I am required by my bar association to maintain my clients' confidentiality. Are there any other reasons for me to be concerned about my law office cybersecurity?

In addition to the reputational, legal and administrative risks associated with unauthorized access to your files, you are also identified by HITECH and HIPAA as a Business Associate of the health care provider client. That means that you have the same requirements for the storage, security and transmission of patients' information as does the health care provider (covered entity). If you are out of compliance with these standards and a breach occurs, you are subject to substantial fines and penalties.

I have a small business. If someone gains access to some of the personal account information of my clients, do I have any obligation to notify the clients of the event?

It depends on the information to which the hacker had access. Forty-seven of the states, including Missouri, have breach notification laws. Whether you have to notify the client and law enforcement is case specific. OMEGA can assist both in examining your systems to determine whether there has been a breach and in advising you of the proper notification procedures.

What if I only want to retain OMEGA for phishing services related to employee testing and education? Are these services only provided in Missouri and the Washington, D.C. metropolitan area?

OMEGA offers its phishing simulation testing services and employee training remotely. Consequently, these services are offered nationwide.

I have never had my system hacked before. How do I know if my organization's system is at risk?

Most organizations do not discover that their system has been compromised until, on average, six months after the attack. If your organization is connected to the internet, it is at risk.

What is the process for obtaining OMEGA's services for my organization?

The first step is to complete the Contact Us form located on our site. We will then discuss your organization's particular status and objectives. Next, we will send you a contract identifying the services we will provide and the cost of those services. If you want to retain OMEGA to enhance your cybersecurity, simply complete the contract we send to you and we will begin the work in a mutually agreed time frame.

How much are the various services offered by OMEGA?

The services provided are tailored to each organization and are performed at a firm-fixed price.

I have a small practice and don't know of any organization that has had its systems breached. How do I know the cyber threat is a real threat?

A cybersecurity breach is much like having a socially stigmatized disease: most people don't publicize the fact, even to friends and associates.