ABYDE FOR ODA MEMBERS

It's time for stress-free compliance.

Request a demo
  • EASIEST SOFTWARE YOU’LL EVER USE

    And if we’re being honest, easy is an understatement. All companies say it, but we are so confident in the simplicity of our software that we will prove it.

  • ‘HANDS OFF’ APPROACH

    We automate it all – from notifications about training to policy generation. Can you imagine not having to set your own reminders?! Go ahead, focus on your patients – we will ping you with the important stuff.

  • CUSTOMER SUCCESS TEAM LIKE NO OTHER

    We will meet you where you are – whether that’s by phone, chat, or email. It’s tough stuff in the tech space, but our customers love us as much as we love them.

  • STATE BY STATE, LAW BY LAW

    No matter what state your practice is in, our solution is for you — from sea to shining sea. We know our stuff and dedicate ourselves to staying on top of the latest state and federal changes so you don’t have to.

  • MORE THAN JUST SOFTWARE

    With us, you get more than policies and software. We offer Master Classes, newsletters, and more to keep you up to date. At the end of the day, we are proud to lead with education.

"The toughest part of HIPAA is complying with the rules. Abyde’s step by step system removes the complexity and therefore the worry of complying with the rules. Plus, Abyde reminds me to stay up to date, keeping me in continual compliance!"
Dr. Robert Bass
"The ease of the Risk Assessment is definitely my favorite. Abyde is very good at keeping us on track. The training programs are great as well."
Brenda Anderson
"I love how Abyde continually sends notifications to update information so we can stay current with all compliance issues. Above all, you will not find a more economical choice that provides all of the resources needed for compliance in your medical practice."
Amy Rogers

LATEST COMPLIANCE NEWS

Email Safety in Healthcare

One Click Away from a Breach: Protecting your Practice from Phishing Emails

August 28, 2025   We’ve all received an email that’s a little too good to be true.  Maybe it’s a “Congratulations, you’ve won a free vacation!” message, or a heartfelt request from an “international prince” who just needs your bank details. While these examples may sound obvious, phishing emails today are far more convincing, using logos, sender names, and even tone that mirror trusted organizations. However, healthcare staff have an even bigger target on their backs due to the sensitive nature of Protected Health Information (PHI). Healthcare staff, from the office manager to the doctor, are close to patients’ Social Security Numbers, billing information, and more, all of which are a goldmine for a malicious actor.  In light of the most recent $170,000 phishing HIPAA fine, it’s essential to review the best tips for keeping your email and patient data secure.    Email Safety 101 When hackers send 3.4 billion phishing emails daily, it’s essential to remain vigilant when reviewing emails. One mistaken click can jeopardize thousands of health records, so always carefully read your emails.  While your spam filter might hide some risky emails, phishing has become more advanced, including spoofing staff members and, in general, looking legitimate upon first glance.  First, when receiving an email, always think before you click. Does the email look suspicious? Is the grammar odd? Are there unnecessary attachments? Never download any attachments unless you are sure of the sender. A hacker could expose your entire practice to ransomware with one unsafe attachment. All it takes is one click.  When receiving an email, always ensure the account looks authentic. A familiar name doesn’t always mean a safe email. Cybercriminals are betting on healthcare staff not knowing the difference between ‘yourboss@email.com’ and ‘y0urboss@email.com’. The internet also provides hackers access to public posts, so even if the profile photo might be of your boss, chances are it isn’t your boss sending you an email demanding personal information.  Watch for common red flags.  If an email feels unusual, pause before acting, especially with messages marked as “urgent.” Cybercriminals rely on panic to push quick clicks. For example, an email shouting “WARNING: Update your EHR immediately using this link” is likely a scam designed to trick you into handing over access.  Delete spam emails or forward them to your phishing IT team (if applicable, likely for larger organizations), and ensure your team is aware of any threats and trained to identify and handle them appropriately.    Keeping it Secure Phishing emails aren’t rare; they’re routine.  That’s why it’s critical to give your staff the tools they need to safeguard PHI. A strong compliance program goes beyond policies by providing hands-on email safety training, encouraging protections like multi-factor authentication, and connecting your practice with trusted IT resources. Meet with an expert today to learn more about HIPAA compliance and email safety.  

Read More »
Business Associate Phishing Fine

Phished and Fined: A $175,000 HIPAA Lesson for Business Associates

August 26, 2025 When scrolling through your inbox, letting your guard down is easy. Maybe you click on that email that looks like it’s from your bank without hesitation, or are swayed by the unsolicited message for a random all-expenses-paid trip. Unfortunately, phishing emails are everywhere, and they target the healthcare industry due to the sensitive nature of Protected Health Information (PHI). BST & Co., CPAs, LLP, known as BST, is a victim of phishing scams. The New York accounting and consulting firm, which works with practices, received the latest HIPAA enforcement, with a $175,000 fine and a two-year Corrective Action Plan or close monitoring by the Office for Civil Rights (OCR). The OCR discovered, after the fallout of a phishing email, that the Business Associate (BA) had failed to complete a Security Risk Analysis (SRA). This is the 10th enforcement of the Risk Analysis Initiative since its introduction last year. An SRA is a requirement for all HIPAA-regulated entities to assess all potential vulnerabilities of any physical, technical, or administrative safeguard in their organization. By identifying any concerns before a breach occurs, organizations are able to better safeguard PHI, keeping both their business and patients safe. This fine reminds us that BAs are just as responsible for upholding HIPAA as traditional medical practices and that completing the SRA is paramount. What Happened? On December 4, 2019, malware entered BST’s network after a successful phishing attempt. From December 4 to December 7, 170,000 patients’ PHI was exposed. The OCR began its investigation after BST reported the breach in February 2020. The OCR discovered that BST had not completed a thorough SRA. With a thorough SRA, BST could have seen the vulnerabilities regarding emails, or even how they secured Covered Entities’ PHI, and either prevented this breach or minimized its impact. Compliant Business Associates Keep Patients Safe Even though BST wasn’t treating patients directly, as an accounting and consulting firm they still had access to a Covered Entity’s PHI. That’s a clear reminder of just how important it is to make sure your Business Associates (BAs) are fully compliant. When your BA follows a comprehensive HIPAA compliance program, your practice gains peace of mind and a stronger, more secure partnership. The right solution helps you stay ahead of your BA responsibilities, whether that’s generating and maintaining Business Associate Agreements, providing staff training with practical tips like email safety, or completing a Security Risk Analysis (SRA) to uncover hidden risks. Connect with our team of compliance experts today to learn more.

Read More »
Read more

READY TO BE STRESS-FREE?

schedule a demo