For Western NY dental & medical practices
Would your practice pass a HIPAA or cyber-insurance check?
Most practices do not find out until a breach or a denied claim. I assess your systems against the HIPAA Security Rule and what cyber insurers now require, identify exactly where you are exposed, and fix it. A no-cost 30-minute assessment, with the findings in writing.
I sign a Business Associate Agreement before I touch any system that holds patient data. You work directly with me, a senior technician with 12+ years in the field.
Buffalo metro, Southern Tier & Northern PA · Insured · On-site fast when it matters
Why this matters now
- Cyber insurers now require proof. Multi-factor login, endpoint protection, and tested backups are no longer optional. Miss one and a claim can be denied or your premium jumps.
- HIPAA requires a written risk analysis. Most small offices have never had one done, and it is the first thing an investigator asks for after an incident.
- Your IT vendor is part of the rule. Anyone who can reach your systems and the patient data on them needs a signed Business Associate Agreement on file. A lot of practices do not have one.
What the assessment covers
Access & authentication
Multi-factor authentication on email and clinical systems, unique logins instead of shared accounts, and stale accounts (former staff, old vendor logins) that should be disabled.
Backups & recovery
Whether your backups exist, are kept off-site and encrypted, and have actually been test-restored. A backup you have never restored is a guess.
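What "test-restored" means in practice, as an added example (not code from this page or from Upper Hand IT): write a checksum manifest at backup time, restore the archive into a scratch directory, and check every file against the manifest. The script assumes GNU tar and sha256sum on Linux; the source tree, file names and contents are constructed placeholders, not real patient data. It also shows the case a never-restored backup hides: a file silently altered after the manifest was written still extracts cleanly, and only the verification step catches it.

```shell
#!/bin/sh
# Added example of a backup test-restore check. Not from the original page.
# Assumes GNU tar and sha256sum. All paths and contents are constructed placeholders.

# make_backup SRC_DIR ARCHIVE MANIFEST: archive SRC_DIR and record a checksum
# for every file at backup time.
make_backup() {
  src="$1"; archive="$2"; manifest="$3"
  (cd "$src" && find . -type f -exec sha256sum {} + | sort -k2) > "$manifest"
  tar -C "$src" -cf "$archive" .
}

# verify_restore ARCHIVE MANIFEST: extract into a fresh scratch directory and
# verify every file against the manifest. Returns 0 only if the restore
# reproduces every file byte-for-byte; anything else is a failed backup.
verify_restore() {
  archive="$1"; manifest="$2"
  scratch=$(mktemp -d) || return 1
  rc=1
  if tar -C "$scratch" -xf "$archive" 2>/dev/null \
     && (cd "$scratch" && sha256sum -c --status "$manifest"); then
    rc=0
  fi
  rm -rf "$scratch"
  return $rc
}

# Build a small constructed source tree (placeholder text, not PHI).
make_source() {
  dir="$1"
  mkdir -p "$dir/charts"
  printf 'constructed placeholder, not real patient data\n' > "$dir/charts/patient-0001.txt"
  printf 'date,room,note\n2024-01-02,1,placeholder\n' > "$dir/schedule.csv"
}

# Healthy case: back up, restore, verify. Prints PASS.
demo_intact() {
  work=$(mktemp -d)
  make_source "$work/src"
  make_backup "$work/src" "$work/backup.tar" "$work/backup.sha256"
  if verify_restore "$work/backup.tar" "$work/backup.sha256"; then echo PASS; else echo FAIL; fi
  rm -rf "$work"
}

# Silent-corruption case: a file changes after the manifest was written
# (disk error, ransomware, a bad sync) and the archive is rewritten without
# refreshing the manifest. The archive still exists and extracts without
# error, but the test-restore reports FAIL.
demo_corrupted() {
  work=$(mktemp -d)
  make_source "$work/src"
  make_backup "$work/src" "$work/backup.tar" "$work/backup.sha256"
  printf 'silently altered\n' >> "$work/src/charts/patient-0001.txt"
  tar -C "$work/src" -cf "$work/backup.tar" .
  if verify_restore "$work/backup.tar" "$work/backup.sha256"; then echo PASS; else echo FAIL; fi
  rm -rf "$work"
}

echo "intact backup:    $(demo_intact)"
echo "corrupted backup: $(demo_corrupted)"
```

The point of the second case: "the backup job ran" and "the archive extracts" are both true for the corrupted copy, so neither is evidence the data is recoverable. Only a restore checked against a manifest written at backup time is.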
Devices & encryption
Workstations, laptops, and phones that hold patient data: full-disk encryption, endpoint protection, and patch status.
Email & data handling
Secure email for anything carrying patient information, phishing exposure, and where patient files actually live.
Required documentation
A written risk analysis and signed Business Associate Agreements with every vendor that can reach your data.
Network & access control
Network segmentation, guest Wi-Fi isolation, the firewall, and the camera and door-access systems most offices run.
How it works
- No-cost assessment. 30 minutes, on-site or by video. I review your systems against the HIPAA Security Rule and cyber-insurance requirements.
- Written findings. A clear report of what passes, what is non-compliant, and what each gap costs to close. Yours to keep, no obligation.
- Remediation. Fixed-price and scoped: MFA, encryption, tested backups, secure email, and the documentation. Done and verified.
- Ongoing protection, if you want it. A monthly plan that keeps you compliant and stops your security posture from drifting. One number, one accountable person.
I handle the technical and IT side of compliance. For clinical and legal policy, work with your compliance advisor. I make sure the technology holds up its end.
Why Upper Hand IT
- You work directly with a senior technician. The person who assesses your practice is the person who fixes it and answers when you call.
- 12+ years securing networks, systems, and data across Western NY.
- I sign a Business Associate Agreement before I touch a system that holds patient data, and I document the work to HIPAA Security Rule standards.
- Insured, local, and on-site fast when it matters.
Find out exactly where your practice stands.
Book a no-cost 30-minute HIPAA and cyber-insurance assessment. You keep the written findings either way.