OnPoint will help guide your organization on its journey to an effective cyber risk program.



We are leaders in developing and managing cyber risk programs and in helping your organization to be in compliance with HIPAA requirements.

We will set the course to help ensure that your information, and thus your patients' information and their safety, are not at risk!

The financial burden of data breaches can be significant. Anthem had to pay the Department of Health and Human Services Office for Civil Rights a record $16 million for HIPAA violations. It also settled a class-action lawsuit in 2018 for $115 million after its 2015 data breach affected nearly 79 million individuals.

Hospitals must also contend with damage to their reputation among patients as a result of cyberattacks. Healthcare organizations are always looking to grow their patient coverage and increase the number of patients, so any data breach will drive patients away from the provider, resulting in loss of business and revenue.

Imagine the Possibilities

OnPoint provides the most comprehensive risk analysis solution for health systems and their business associates, while maximizing efficiency and minimizing disruption to your organization.

Under the HIPAA Security Rule and Interoperability (fka “Meaningful Use”) requirements, all electronic Protected Health Information (ePHI) created, received, maintained or transmitted by a “Covered Entity” (CE) and/or a “Business Associate” serving a covered entity is subject to the Security Rule.

OnPoint’s Business Associate Risk Management program will evaluate vendors, and can also monitor them on a regular and ongoing basis, and hold them accountable for requirements your organization identifies or assigns as remediation. OnPoint will evaluate each vendor’s level of risk, require them to attest to their compliance with HIPAA, and determine which protections are in place so your organization can decide how to adjust your contracts, service levels, or your overall relationship.

Managing risks requires more than just a response on how identified risks will be handled. Risk management is part of an ongoing process of managing the risks identified during risk analysis and a key step in the overall NIST Risk Management Process.

What Clients Say

"OnPoint's knowledge and expertise were invaluable! With their guidance we were able to improve the security of our data and the privacy and security of our patients."

"Sometimes, when things are complex, we tend to do nothing. OnPoint helped us to better understand the requirements involved with meeting the HIPAA requirements and provided us with a simplified and easy-to-understand approach that helped us to maximize the effectiveness of the program!"

"Having a partner like OnPoint is the difference between a good risk management program and a great risk management program."

Our core services include

  • Information security and privacy assessments (HIPAA, NIST CSF, HITRUST CSF, MACRA / Meaningful Use)
  • Vendor security risk management
  • Technical Evaluations – Penetration Testing, Vulnerability and Social Engineering
  • Security staffing support (virtual CISO, security experts, privacy experts)
  • Medical device and IoT security
