Welcome to Data Risk Management LLC!

“My office computers won’t get hacked.”
“My employees won’t mishandle patient data.”
“I’m too small to be audited for HIPAA data security compliance.”
“Data security and compliance are too expensive.”

Sound familiar? Many doctors and their business associates believe these statements. The problem is they’re wrong. Data thieves target medical and dental offices because they are “low-hanging fruit” and stolen patient data has a high value on the black market. Staff members handle patient data every day, and they are certainly capable of human error. There are many triggers for a HIPAA audit, and audits aren’t reserved for large covered entities. Good data security and compliance can be achieved for a fraction of the cost of a breach or an audit.

A false sense of security is far more dangerous than a real sense of insecurity.

DRM is a professional data security consulting firm specializing in the Healthcare field. We help medical and dental offices and their business associates safeguard Protected Health Information (PHI) as required under Federal Law (HIPAA & HITECH). Everything has changed recently: more electronic patient data, more threats to that data, more regulatory rules, greater fines for non-compliance, increased auditing, and increased litigation for data breaches. We have the tools, knowledge, and experience to help you protect sensitive data and your business in a cost-effective manner.

Data Risk Management

In Healthcare, protecting patient data is not optional. We use proven methodologies based on data security industry best practices to help you safeguard Protected Health Information (PHI) and address your obligations for regulatory compliance.

HIPAA Security Risk Analysis & Mitigation

Security Risk Analysis (SRA) identifies your information assets, threats, and vulnerabilities. The HIPAA Security Rule specifies numerous safeguards to protect patient data. You must conduct a bona fide SRA and mitigate your risks.

HIPAA Privacy Risk & Breach Notification Analysis

The HIPAA Privacy and Breach Notification Rules protect patients’ rights. Analysis of your policies and procedures can help demonstrate compliance with these rules.

Business Associate Management

A Business Associate (BA) is anybody who sends, receives, stores, or processes Protected Health Information (PHI) on behalf of a Covered Entity (CE). BAs must implement the same safeguards as CEs to protect patient data.

HIPAA Audit & Breach Incident Response

Time is of the essence with regard to HIPAA Audits and PHI data breach incidents. Immediate action must be taken to minimize the potential damage to the organization and/or patients.

HIPAA Training

Good training creates a culture of data security. This leads to all hands on deck in the constant battle against ever-changing threats & vulnerabilities. If you haven't done HIPAA training in the past couple of years, it's time. All of the rules have changed.

When will you call us?

We can sort our clients into three categories depending on when they call us. Many call us long before they hit the wall. Some wait until they are about to hit it. A few wait until they have already hit the wall. The “wall” is a breach of patient data, a lawsuit, or a HIPAA audit. Of course, we can help in all of these scenarios. How we help depends on the circumstances.

If you want to do it yourself, we have tools to make it easier. If you need help, we have the knowledge, methodology, and experience to provide assistance.
We can tailor our services to create a custom program that fits your specific needs.

Take our free 10-minute Security Risk Assessment.

What we do

We can help you with all aspects of your Data Risk Management program from risk analysis & mitigation to data breach response & HIPAA audits.

We tailor our services to your needs and budget.
