DeWITT — A consulting firm based in DeWitt has formed a new division to help physicians shore up their privacy and security practices. Netti Consulting Services, headquartered at 6443 Ridings Road, is calling its new division the Mountain Creek HIPAA Group. The division will specialize in security assessments, privacy assessments, and breach assessments for medical […]
DeWITT — A consulting firm based in DeWitt has formed a new division to help physicians shore up their privacy and security practices.
Netti Consulting Services, headquartered at 6443 Ridings Road, is calling its new division the Mountain Creek HIPAA Group. The division will specialize in security assessments, privacy assessments, and breach assessments for medical practices and hospitals as they adopt and use electronic health records.
The new group spawned from Netti Consulting’s original line of business, which is helping physicians adopt electronic health records and utilize them in a way that qualifies for federal reimbursements. In order to qualify for reimbursements under an initiative known as the Medicare EHR Incentive Program, for example, practices have to meet certain “meaningful use” measurements.
“What kept sticking out is the fact that this particular security-risk analysis, measure 15, was not particularly understood by the practices,” says John Netti, who founded his consulting firm in October 2011. “And then, as we started looking at larger organizations, we realized it really wasn’t a function just of the smaller practices.”
The consulting firm found that many medical practices and hospitals were concerned about meeting the privacy and security requirements. Only large hospitals, which often employ their own security officers, don’t seem very interested in outside help, according to Netti. It’s an important issue, as medical providers could be audited by the federal government, he adds.
That led the Mountain Creek HIPAA Group to target a wider range of medical organizations than Netti Consulting does in its other line of business. The new division will consult for large practices and smaller hospitals, while Netti Consulting launched last year with a goal of serving medical practices with about five doctors. Regardless of its focus, Netti Consulting and its new division will work with medical groups and hospitals of all sizes, Netti says.
The Mountain Creek HIPAA Group could also help Netti Consulting branch out beyond the upstate New York market. Most of the consulting firm’s work to date has taken place Upstate, and the new group will probably follow that footprint when it launches, Netti says. But he sees concern about electronic health records’ security and privacy as a national trend.
“This is not going to be limited,” Netti says. “We are going to go wherever it takes us. As a small business, you have to look at everything.”
The small business has grown from a one-man consulting firm at its founding last year to a firm with nine consultants, including Netti. All of the firm’s new consultants work as independent contractors.
The firm could double its revenue in its second year if the Mountain Creek HIPAA Group gains traction in the market, Netti says. He declined to share specific revenue totals, though. He also wouldn’t offer hiring projections, saying only that he hopes to continue to add consultants.
Netti Consulting is headquartered in suite 130 at 6443 Ridings Road in DeWitt. E.F. Thresh, Inc. owns that building, according to Onondaga County Office of Real Property Tax Services records. Netti Consulting leases about 320 square feet in the building.
Its new division meets a need that’s springing up as electronic medical records increase the amount of information and availability of information, according to Regina Blakeslee, a consultant in the Mountain Creek HIPAA Group. For instance, a health-care worker might want to take home a laptop carrying patient data in order to finish a report, she says.
“That’s a vulnerability,” Blakeslee says. “We need to go in there and give them a shot in the arm and say that you need to start taking this seriously and start training your staff. You need to have a policy that you shouldn’t be taking that laptop home. If you do want to work from home, set up a VPN and sign in remotely and go through the proper channels.”
Few firms of Netti Consulting’s size have set up divisions dealing explicitly with privacy and security, according to Keith Gutchess, another consultant in the Mountain Creek HIPAA Group.
“There’s maybe a couple dozen small shops out there, or maybe the big guys, accounting firms like KPMG,” he says. “For Syracuse, this is a pretty cool service that’s sprouting up.”
Blakeslee, Gutchess, and Netti work in the Mountain Creek HIPAA Group. And Netti Consulting has another consultant focused on privacy and security in smaller medical practices.
The new group’s services include physical walk-throughs of health-care organizations, checks of technical safeguards, and reviews of management, policy, procedure, privacy, and security.
Contact Seltzer at rseltzer@cnybj.com