HIPAA Privacy and Security Rule services


With the healthcare industry in a constant state of change and the threat landscape rapidly escalating, healthcare providers, life sciences organizations, and their service providers must go beyond HIPAA compliance requirements to implement advanced security technologies and sophisticated risk management practices. We help covered entities and business associates secure environments and technologies to protect patient data throughout the care continuum.


Safeguard the privacy and security of protected health information

Our compliance and risk assessment services address the foundational regulatory requirements of the HIPAA Privacy, Security, and Breach Notification Rules. They represent the baseline level of compliance for any organization that creates, receives, maintains, or transmits protected health information (PHI). Whether your data resides on wearables, patient intake forms, medical devices, or in the cloud, we provide a refined approach to data protection that satisfies industry regulations and pairs it with deep-dive technical capabilities that improve your security posture. We also help you deliver a high level of data protection for your healthcare customers, which can serve as a competitive differentiator.


Our services include:

  • HIPAA FastTrack toolkit – HIPAA compliance is heavily focused on the policies and procedures that govern how an organization safeguards PHI. Our FastTrack toolkit helps you jumpstart that work. It includes more than 80 fully customizable policies and step-by-step procedures, so you can quickly update your existing policies and procedures to align with all HIPAA Security and Breach Notification Rule requirements.
  • HIPAA security risk analysis and advisory – a risk analysis is required by the HIPAA Security Rule and by meaningful use attestation, yet the Office for Civil Rights (OCR) frequently reports during breach investigations that it was never performed or was performed inadequately. Our risk assessment approach is anchored in the NIST SP 800-30 methodology and takes a comprehensive look at the threats to and vulnerabilities in your environment. It also includes an analysis of your control posture to determine the level of residual risk. Our HIPAA risk assessments have been reviewed by the OCR during many breach investigations.
  • HIPAA Security Rule gap and compliance assessments – our gap assessment service is designed to uncover areas of non-compliance and heightened risk. If you need to satisfy an OCR audit or investigation, our compliance assessments look beyond the design of a control: they include detailed testing to verify that safeguards have been defined, implemented, and are operating effectively. Assessments are mapped to the requirements of the HIPAA Security and Breach Notification Rules, but follow our custom-built approach that draws on the OCR Audit Protocol, industry frameworks (e.g., NIST SP 800-53), and our own experience working with the OCR.
  • HIPAA Privacy Rule assessment – in the same way our Security Rule services do, these assessments evaluate compliance with the HIPAA Privacy Rule. We assess your compliance posture through the design, implementation, and operating effectiveness of controls, and for any gaps or deficiencies we provide detailed recommendations to support remediation.
  • Custom training, workshops, and advisory – we understand that each organization faces unique challenges, so we have healthcare experts on hand to assist with all HIPAA-related needs.

Why choose Coalfire for your HIPAA needs?

  • We assess hundreds of technology offerings in the care continuum – from medical devices and software to population health, revenue cycle management, and telemedicine solutions. Our process provides a holistic view of security to achieve optimal, value-based patient outcomes.
  • Our experience working with the Department of Health and Human Services, Centers for Medicare and Medicaid Services (CMS), and the OCR allows us to apply best practices in regulated compliance to healthcare organizations.
  • As we are one of the original HITRUST CSF assessor firms and have conducted hundreds of HITRUST CSF assessments, we’re able to bring a more prescriptive approach to HIPAA engagements.
  • Our assessors specialize in healthcare services, are HITRUST Certified Common Security Framework Practitioners (CCSFP), and maintain multiple security-related certifications.

Showcase your security posture

See a return on your compliance investment and grow market share with our market development services
