Frequently Asked Questions
If your attorney is given access to your patients' Protected Health Information (PHI), then they are considered a Business Associate under the regulations. You should have them sign a Business Associate Agreement before providing them any PHI. (McCahon Law is experienced in the preparation of these agreements and can be of assistance. See www.mccahonlaw.com.)
OMEGA is well versed in the privacy and security mandates of HIPAA and HITECH. We have advised and serviced covered entities ranging from hospitals to small organizations consisting of a few staff members. We will ensure that your systems, including your communication and storage practices, comply with these standards. We will also provide policies, procedures and staff training to further enhance your organization's compliance.
The government will not be sending auditors to inspect your security systems. Rather, the government requires you to have a compliant security plan in place and to confirm that fact. If you state in your response to the solicitation that you have not complied, your offer will be discarded as non-responsive. If you certify that you have a plan in place but do not, you can be liable criminally and civilly under the False Claims Act. OMEGA can assist in the preparation of your security plan as mandated by the DoD.
Yes. You will have the obligations set forth in your contract with the government. If you contract with the Department of Defense, you will also be required to comply with DFARS clause 252.204-7012 (which requires implementing the security controls of NIST SP 800-171) by December 31, 2017.
As an attorney, you have an obligation to maintain the confidentiality of your client communications and files. If a breach occurs, your firm's reputation is at risk. You also have legal exposure if you did not take reasonable measures to prevent the breach. Finally, you may be at risk of administrative action by the bar, depending on the circumstances of the breach.
In addition to the reputational, legal and administrative risks associated with unauthorized access to your files, you are also identified by HITECH and HIPAA as a Business Associate of the health care provider client. That means that you have the same requirements for the storage, security and transmission of patients’ information as does the health care provider (covered entity). If you are out of compliance with these standards and a breach occurs, you are subject to substantial fines and penalties.
It depends on the information to which the hacker had access. Forty-seven states, including Missouri, have breach notification laws. Whether you have to notify the affected clients and law enforcement is case specific. OMEGA can assist both in the examination of your systems to determine whether there has been a breach and in advising you of the proper notification procedures.
OMEGA offers its Phishing simulation testing services and employee training remotely. Consequently, these services are offered nationwide.
On average, organizations do not discover that their systems have been compromised until roughly six months after the attack. If your organization is connected to the internet, it is at risk.
The first step is to complete the CONTACT US form located on our site. We will then discuss your organization's particular status and objectives. Next, we will send you a contract identifying the services we will provide and the cost of those services. If you want to retain OMEGA to enhance your cybersecurity, simply complete the contract we send to you and we will begin the work in a mutually agreed time frame.
The services provided are tailored to each organization and are performed at a firm-fixed price.
A cybersecurity breach is much like having a socially stigmatized disease: most people don't publicize the fact, even to friends and associates.