IT for Brooklyn medical & dental practices that passes the audit.
Encrypted PHI. Audit-ready logs. BAAs in place. Same-day onsite when your imaging server goes down. We support Dentrix, Eaglesoft, Open Dental, Athenahealth, Practice Fusion, and the dozen other systems your practice depends on.
The PHI exposure your practice doesn't see.
The Office for Civil Rights audited 47 dental practices in NYC last year. The most common findings weren't sophisticated attacks — they were:
- Shared user accounts on the operatory PCs
- Backup drives that had never actually been tested
- Imaging software with default admin passwords
- Unencrypted laptops the doctor takes home
- BAAs missing for half the cloud vendors
- No documented response plan when something goes wrong
Each of these is fixable in a week. We've fixed all six in 22 Brooklyn practices last year.
What "HIPAA-aware" actually means.
"HIPAA compliant" is a phrase your vendors throw around, but compliance is your legal status, not theirs. We're HIPAA-aware: we configure, document, and operate your environment so that you can sit in front of an auditor and answer questions without sweating.
- BAAs signed and on file
- Risk Analysis documentation
- Encryption at rest and in transit
- Audit logging on PHI access
- Workforce security training records
- Documented incident response runbook
We know your software.
A general MSP will tell you they "support all medical software." A practical one tells you which versions, which gotchas, which vendor reps. We've broken and fixed all of these.
The 8 things we set up day one.
Encrypted PHI vault & backups
Immutable, encrypted offsite backup of imaging, EHR data, and operational files. Restore-tested monthly. Retention tuned to your state requirements.
Network segmentation
Imaging equipment, EHR servers, staff workstations, and guest Wi-Fi each on their own segment. A compromised iPad in the waiting room can't reach your X-ray server.
MFA on every PHI account
Microsoft 365, EHR logins, billing portals — all wrapped in MFA. With backup methods that work when staff lose their phone.
Endpoint encryption & EDR
BitLocker / FileVault on every device. Modern endpoint detection that catches ransomware before it spreads to your shared drives.
Audit logging on PHI access
Tracked, retained, and ready to show. If OCR audits you, we can produce 12 months of access logs within 24 hours.
BAA management
Signed BAAs with every PHI-touching vendor (cloud, imaging, billing, telehealth). Documented, dated, on file.
Workforce security training
Annual + onboarding training for staff. Phishing simulation. Documented completion records.
Incident runbook
If a laptop is lost, a phishing link is clicked, a server crashes — your front desk knows exactly who to call and what to say. We rehearse it.
Schedule a free HIPAA risk walk-through.
30 minutes by phone or onsite. No pressure, no upsell. We'll tell you what's exposed, what's overpriced, and what to fix this quarter — even if you don't hire us.
(718) 539-8858