HiQ Services, LLC and Eagle Associates, Inc. Announce Partnership

Jan. 24, 2020 – Charlotte, NC – HiQ Services, LLC and Eagle Associates, Inc. are pleased to announce a partnership in which Eagle Associates will provide its HIPAA Compliance and Security Risk Analysis solutions to complement HiQ’s MIPS Essentials services. 

Eagle Associates has been providing compliance assistance to practices throughout the country for over 30 years, providing inclusive compliance services that require minimal time and effort for a practice to implement. Ongoing customer support is what has set Eagle Associates apart from its competitors.

HiQ was founded in 2019 to help small and large practices succeed with MIPS, MACRA & QPP across a wide range of medical specialties. HiQ’s MIPS Essentials Gold package will include HIPAA Compliance and Security Risk Analysis services provided by Eagle Associates; the Security Risk Analysis Package will also be offered via the HiQ MIPS a la Carte services.

HiQ’s President, Mike Schmidt commented: “HiQ is honored to have such a recognized industry leader as Eagle Associates as our partner. We believe that the great majority of small practices are at risk for HIPAA compliance as well as for MIPS audits with regards to their Security Risk Analysis. We look forward to working closely with Eagle Associates to provide an optimized solution for small and large practices alike.”

Eagle Associates, Inc. Vice President Jennifer Cosey shared: “Eagle Associates is pleased to partner with HiQ.  The executives at HiQ are experienced, knowledgeable industry insiders who care about customer service and client satisfaction.  We are happy to share a valued resource with clients who have a need for MIPS consulting.  They will find outstanding assistance and expertise at their fingertips with HiQ.

To find out more, please visit www.hiq-services.com or www.eagleassociates.net

Emergency Directive to Mitigate Windows Vulnerabilities

The Office for Civil Rights (OCR) is the entity that enforces HIPAA regulations.  In partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and the Division of Critical Infrastructure Protection (CIP), the OCR has shared a directive regarding critical Windows vulnerabilities that need to be addressed as soon as possible.  Although the directive is mandatory for Federal entities, OCR strongly recommends that all healthcare and public health sector entities also consider patching their environments as soon as they are able.

Eagle Associates highly recommends patching as soon as possible to protect your networks/devices from malware and other activity that would cause considerable disruption and expense.  We advise that you work with your IT staff/vendor to implement the patches, because healthcare entities are attractive targets for malware, due to the value and sensitive nature of PHI.  In addition, you could be the subject of investigation and enforcement action if it was found that you didn’t take reasonable steps to mitigate known risks, such as this vulnerability.

Please read the full directive for complete details, but among the vulnerabilities patched were weaknesses in how Windows validates Elliptic Curve Cryptography (ECC) certificates and how Windows handles connection requests in the Remote Desktop Protocol (RDP) server and client.  The vulnerabilities affect all supported versions of Windows (including Windows 10, Windows Server 2012 etc.), and other related products as follows:

  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ASP.NET Core
  • .NET Core
  • .NET Framework
  • OneDrive for Android
  • Microsoft Dynamics

You can read the directive here: https://cyber.dhs.gov/ed/20-02/

The Microsoft patch information can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan