
IT Services

Compliance Focused Managed IT Services

At this time, we can offer on-site services in NY and NJ (New York City, Rockland County, Westchester County, Bergen County, Passaic County, and Orange County).

For all areas outside of our service area, we would need some help from your staff for bi-annual audits and installs (we can remotely configure or test and ship out preconfigured units).

Although our primary focus is on helping the healthcare sector, we are happy to help everyone that we can. Everyone can benefit from a security-conscious infrastructure and monitoring.

HIPAA ✔️
U.S. health law that protects patient data. We implement all required safeguards.
HITECH ✔️
Expands HIPAA with breach notification rules and stronger encryption standards.
NY SHIELD ✔️
New York law requiring data protection for all NY residents, including providers.
PCI ✔️
Required for credit card processing security. We support it when needed.

 

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. law that establishes national standards for the protection of health information. It requires healthcare providers, insurers, and their business associates to implement safeguards to ensure the confidentiality, integrity, and availability of protected health information (PHI).

What is HITECH?

HITECH (Health Information Technology for Economic and Clinical Health Act) is a U.S. law that promotes the adoption of health information technology, particularly electronic health records (EHRs). It also strengthens the privacy and security protections established under HIPAA, especially regarding data breaches and patient notification.

What is the NY SHIELD Act?

The NY SHIELD Act (Stop Hacks and Improve Electronic Data Security) is a New York state law that enhances data security requirements for businesses. It requires organizations to implement reasonable safeguards to protect private information and mandates notification of data breaches affecting New York residents.

What is PCI compliance?

PCI (Payment Card Industry) compliance refers to a set of security standards designed to ensure that organizations that handle credit card information maintain a secure environment. It is essential for businesses that process, store, or transmit credit card data to protect against data breaches and fraud.

What is the difference between HIPAA and HITECH?

HIPAA sets the foundation for protecting patient data, while HITECH builds on it by enhancing breach notification requirements and promoting data encryption. HITECH also incentivizes healthcare providers to adopt electronic health records (EHRs).

BAA & Secure Hosting

We sign Business Associate Agreements (BAAs) with all covered entities and host our infrastructure on HIPAA-compliant platforms. Your data remains encrypted in transit and at rest, with strict access logging, endpoint control, and disaster recovery protocols in place, and we perform regular internal audits.

[Image: statistics on threat actors and why managed IT matters.]


Active Monitoring & Ongoing Support

You have patients. If you need help, we will be there for you. We want you to be able to focus on patients while we deal with the nuances of running an office. Whether it's on-site or remote support, do not worry.

We have you covered from user activity to physical system components to software activity to network and firewall logs.

As It Happens | Daily | Weekly | Monthly | Quarterly | Annually

Covered | Covered | Covered | Covered | Covered
Remote assistance for day-to-day operations and urgent issues. Support can be initiated proactively or on-demand.

Covered | Covered | Covered | Covered | Covered
Ensure equipment is configured to industry best practices based on how the device will be used within your organization.

- | Covered | Covered | Covered | Covered
Critical patches for operating systems and applications are applied and verified regularly to reduce vulnerabilities.

- | Covered | Covered | Covered | Covered
Real-time log analysis for system, application, and network activity to detect and alert on unusual patterns.

- | Covered | Covered | Covered | Covered
Automatically detects connected devices using passive network scans, with no interruption to existing systems.

- | Optional | Covered | Covered | Covered
Backups of critical data are encrypted and securely transmitted to an off-site location following industry best practices.

- | - | - | Optional | Covered
Backup protocols and backups should be tested at least quarterly.

- | - | - | Covered | Covered
In the event we're not informed about changes in user access, we will contact your HR team to verify.

- | - | - | - | -
Annual inventory and classification of your data by type (e.g. PHI, internal) to confirm correct handling, retention, and access policies.

- | - | - | Covered
Quarterly visits for physical inspections, cabling review, unauthorized device scans, and server cleaning with anti-static tools.

Asset and Data Sanitation & Destruction

If we need to come to sanitize and destroy equipment on site, it can be combined with the cleaning and quarterly checkup. We have secured offline erasers, duplicators, and portable crushers to meet NIST requirements (as per NIST SP 800-88, "Guidelines for Media Sanitization").

Workflow

We've built a tool that compiles the rules into checklists for us (~9400 advisories, all categorized by regulation).

We've boiled down this workflow to help ensure we can keep you secure and compliant.

 
Acquisition
We validate suppliers to ensure they meet organizational objectives, security requirements, and budgetary constraints.
 
Inventory
We log all enterprise assets into a management system to track them through their lifecycle.
 
Secure
We reconfigure enterprise assets and identify required ports, protocols, and services to meet security needs.
 
Deploy
We limit access and services to only those required for your specific practice needs.
 
Monitor
We monitor all assets to prevent unauthorized use and connections based on asset management guidelines.
Adapt or Enhance
We patch & adapt systems to meet updated compliance as per evolving security guidance.
 
Decommission
We securely remove ePHI and other sensitive data from assets and ensure proper disposal.

Our mission is simple

Empower your business with reliable, secure, and fully compliant IT infrastructure so you can focus on what matters most.


Frequently Asked Questions

Which firewalls do you work with?
We're a Bronze Level SonicWall Partner. We also work with Ubiquiti UniFi and Netgate's pfSense.
Which SonicWall certification(s) do you guys have?
We currently have SonicWall Wireless and Endpoint Security Specializations.
What do you use to monitor and secure our systems?
We use a combination of NinjaOne, SentinelOne, and optionally our custom stack for an additional layer.
Do you sign a BAA with clients?
Yes. Every client engagement includes a signed Business Associate Agreement (BAA) to ensure HIPAA compliance from day one.
What’s included in HIPAA support?
We cover technical safeguards, system hardening, audit readiness, endpoint monitoring, and documentation for policies and risk assessments.
Can you help during an audit or incident?
Yes. We provide real-time response and audit support. In one case, we secured a compromised device in under 30 minutes and avoided a breach.
Do you offer support for remote providers?
Absolutely. We support hybrid and remote telehealth setups with secure VPN, device control, and monitoring across home networks.
What if we have international offices?
It's no problem. We need a schedule of your working hours and some scheduled time to work after hours. We just aren't able to complete the on-site audits, which are required bi-annually. The rest is remotely configured and monitored.
