The Baseline HIPAA GAP Assessment or BHGA

The BHGA will measure the GAP between the requirements set forth in the HIPAA Security Rule, which we will explain in layman’s terms, and your organization’s controls, policies and procedures. This report delivers a full HIPAA Audit which can be used to successfully fulfill your requirements for conducting regular assessments. However, unlike most standard HIPAA assessments, our service doesn’t stop with the standard “check in the box” view with our compliance matrix.

The BHGA Outlines Your HIPAA Compliance Posture

Yes, our assessment will outline your organization’s position as compared with the requirements of the HIPAA final security rule, including whether your organization is Compliant, Partially compliant, or Not compliant for all standards. But Spohn doesn’t stop there. Our expert consultants will also provide you with an extensive HIPAA compliance report to help you understand not just your compliance status, but also precisely what each compliance factor means and what you thoroughly understand what actions you’ll need to address any areas that are only Partially Compliant or that are Not Compliant.

HIPAA Compliance AssessmentsSpohn’s Baseline HIPAA GAP Assessment reports take a close, in-depth look at each HIPAA assessment rule, examining each rule and explaining it in plain language that does not require an advanced law degree to comprehend. Spohn also provide a brief description of the specific controls implemented by your organization to meet the rule, and why we rated these measures to meet – or not meet — the rule. Best of all, in cases where we find your organization has not met the rule’s requirements we will discuss the “GAP” you need to fill to become compliant, recommending the minimum actions you need to take to achieve compliance in any given area.

The BHGA is Expedient and Thorough

Our Baseline HIPAA GAP Assessment is designed to for expediency, we do not sacrifice thoroughness when reviewing the rules and we ensure that any claims made during our interviews are backed up with evidence that legitimizes our finding. Spohn will not simply accept that a rule is not being met: we will dig down deeper to see if any existing processes or procedures apply to the rule even if it’s only partially applicable. This helps minimize the workload our clients are left with following an assessment, offering them guidance in how they can utilize existing processes to achieve compliance rather than starting from scratch.


We can provide you
a road map to
full regulatory compliance.


Contact Us