We spoke with David Dadian, one of our Health IT Cohort members, about powersolution.com’s experience securing and supporting IT environments in physician practices. These practices are often exposed to data losses and HIPAA violations because they do not understand the risks and/or do not give the right level of attention to IT and the processes necessary to protect data.
Founded by David in 1996, powersolution established itself over the years as a leading provider of IT managed services to physician practices, other healthcare organizations, and other SMBs in New Jersey. Its implementations and practices follow HIPAA compliance requirements, along with standards established by organizations such as the Center for Internet Security, SANS Institute, and the New Jersey Cybersecurity and Communications Integration Cell.
David summarized the exposure that physician practices are typically facing. “We find that many physician practices underestimate the risks associated with potential HIPAA compliance audits. They lack having current HIPAA compliance plans in place, fail to conduct annual staff training on HIPAA rules, or are not aware of the requirements for Business Associate Agreements with vendors. Additionally, they need to rely on their IT providers to implement and support HIPAA-compliant infrastructures.”
According to the U.S. Department of Health and Human Services (HHS), over 1/3 of covered entity data breaches involve a laptop, desktop, or mobile device. An example would be a medical assistant downloading patient medical records to a laptop in order to be able to work from home. If the laptop was not encrypted, left in the medical assistant’s car, and then stolen, it would be a HIPAA violation. In this example, the covered entity would be subject to the financial costs and reputation impairment associated with mandatory breach notifications and remediation.
Oftentimes, physicians believe the odds of a HIPAA violation for a small practice are relatively low compared to larger healthcare organizations. However, it is not uncommon for a patient complaint about what appears to be a small issue to result in a full-scale Department of Health & Human Services/OCR investigation of a practice. There are numerous easily found examples of small practices that have incurred 6-figure penalties, days of downtime, and sometimes bankruptcies due to not being vigilant about data protection.
Powersolution.com addresses electronic protected health information (ePHI) risks by performing annual HIPAA security risk assessments for the physician practices that it serves. The company installs and supports enterprise-level firewalls, anti-virus software, malware (malicious software) protection, disaster recovery/business continuity, and other IT security layers to ultimately protect both patients and the practice.
In 2005, the company began a mutually beneficial student internship program with NJIT. According to David, “the program facilitated identifying, at an early stage, high-potential individuals that could grow with the company and assume key leadership roles.”
For example, David Ruchman was hired early in the internship program while pursuing his B.S. degree in Computer Science at NJIT. He later earned his M.S. degree in Computer Science at NJIT and became powersolution’s Chief Technology Officer in 2013. In addition to his CTO responsibilities, David Ruchman is a member of InfraGard, a selective non-profit group serving as a public-private partnership between U.S. businesses and the FBI, sharing information and intelligence dedicated to the prevention of hostile acts against the United States. He is also a member of the Cyber Health Working Group, which maintains a web-based platform and hosts webinars for sharing cyber threat information and resources. powersolution’s Chief Information Security Officer, Abdul Hammad, also came up through the student internship program while earning his B.S. and M.S. degrees in Computer Science and Forensics at NJIT. Additionally, Abdul is a member of the New York Electronic Crimes Task Force, an extension of the U.S. Secret Service, dedicated to combating cyber-crime.
David Dadian went on to describe powersolution’s experience in the Health IT Connections Program. “Our joining the Health IT Connections Program began in 2016 with a series of collaborative cohort meetings and events sponsored by the NJII, which helped to facilitate our growth and the addition of various new healthcare clients.” Mana Health, a data access and interoperability provider, met powersolution.com during CEO roundtable sessions facilitated by NJII’s Health IT Connections program. David said, “the fit between the two firms became apparent after a careful evaluation by Mana Health, resulting in the selection of powersolution.com by Mana Health to support its IT environment. With Mana Health’s particular focus on security and HIPAA compliance, we were able to provide an enterprise-level solution that would address their stringent requirements. As a result of this reference, we were able to sign a number of additional deals in the healthcare sector.”
David concluded by saying, “we are proud of our work securing and supporting HIPAA-compliant IT environments for physician practices in New Jersey. We greatly appreciate our long-standing associations with NJIT and the NJII Health IT Connections Program. We look forward to further expanding our role with New Jersey physician practices and other healthcare entities, helped by our ongoing participation in NJII events.”
Visit www.powersolution.com today!
If you are interested in connecting with David Dadian or learning more about the Health IT Connections Program, please contact Tamara Williams, Marketing Support Planner, at Tamara.Williams@njii.com or visit njii.com/healthit.