Our compliance and risk assessment services are foundational to the regulatory requirements of the HIPAA Privacy, Security, and Breach Notification Rules. These services represent the basic level of compliance for organizations that create, receive, maintain, or transmit protected health information (PHI). Whether your data resides on wearables, patient intake forms, medical devices, or in the cloud, we provide a refined approach for data protection that satisfies industry regulations with deep-dive, technical capabilities that improve your security posture. We also help you deliver the highest level of data protection for your healthcare customers that gives them a competitive differentiator and increases revenue.

• HIPAA security risk analysis and advisory – risk assessments are a requirement of the HIPAA Security Rule and meaningful use attestation. They are often overlooked or performed unsatisfactorily as reported by the Office for Civil Rights (OCR) during breach investigations. Our risk assessment approach is anchored in the NIST 800-30 methodology and represents a comprehensive look at vulnerabilities posed by today’s cyber threats. This service also includes an analysis of your control posture to determine its level of residual risk. Our HIPAA risk assessments have been reviewed by the OCR during many breach investigations.
• HIPAA Privacy Rule assessment – similar to services that address the HIPAA Security Rule, these assessments are geared toward ensuring compliance with the HIPAA Privacy Rule. We assess your compliance posture through the design, implementation, and effectiveness of controls. For areas where gaps or deficiencies are noted, we provide detailed recommendations to assist with remediation efforts.

• HIPAA Security Rule gap and compliance assessments – we offer a gap assessment service that’s been meticulously designed to unveil areas of non-compliance and heightened risk. If you’re looking to satisfy an audit or investigation by the OCR, you will benefit from these compliance assessments that look beyond the design of a control by including detailed testing to ensure satisfactory safeguards have been defined, implemented, and are operating effectively. Assessments are linked to the requirements of the HIPAA Security and Breach Notification Rules, but are based on our custom-built approach that leverages the OCR audit Protocol, industry frameworks (e.g., NIST 800-53), and personal experiences working with the OCR.
• Custom training, workshops, and advisory – we understand that each organization faces unique challenges, so we have healthcare experts on hand to assist with all HIPAA-related needs.