Spohn's expert compliance consultants deploy with all the tools necessary to perform your HIPAA risk assessment within a process specifically designed to help you achieve adherence to the HIPAA and HITECH security rulings.

HIPAA Compliance Assessments

Our services combine reports and documentation with consulting time built into the engagement to allow personalized interaction with the HIPAA expert performing the audit. This provides a great ROI for any company looking to improve their security and satisfy HIPAA/HITECH requirements.

As an IT cybersecurity consulting agency, we take a security-first approach to guiding our clients in all of our regulatory compliance audits. This allows us to truly help our clients improve the integrity of their data and systems through detailed recommendations for remediation.

Achieve Compliance

Our HIPAA Audit services are designed to help you achieve regulatory compliance while providing a holistic review of your IT security posture.

Protect What Matters

Our goal is that our detailed, third-party HIPAA risk analysis will allow your team to enhance and/or develop effective safeguards for protecting PHI and ePHI entrusted to your care.

No "Checkbox" Audits

Not all HIPAA consulting firms are created equal. Many leave out deep technical testing, an approach that satisfies the immediate regulatory requirement but leaves the organization vulnerable to technical exploits and puts PHI at risk. At our core, we are a cybersecurity consulting agency with a firm belief that any assessment meant to satisfy HIPAA or HITECH cannot simply be a "checkbox" audit. We include deep technical security testing so you can truly know the effectiveness of your controls.

We always include technical security testing and control auditing as a standard part of our HIPAA audits.

Included Services

Holistic Assessment

We thoroughly inspect the state of your administrative, physical, and technical security policies, plans, procedures, systems, and networks against best practices and the HIPAA compliance standards.

Risk Analysis

A HIPAA risk assessment consultant maps out in detail your assets, potential threats, and operational risks.

Internal & External Vulnerability Assessment

We perform a technical IT/cyber security assessment including penetration testing from an outside and inside perspective to identify weaknesses and vulnerabilities.

Gap Analysis

Our expert HIPAA/HITECH consultants identify areas that need improvement in order to conform to the Security Rule provisions. This information is used for planning of any remediation efforts and proof of due diligence.

Remediation Recommendations

At this final stage, we document reasonable and appropriate recommendations to support your rationale in designing and implementing any Required and Addressable safeguards in accordance with best practices and HIPAA/HITECH regulatory standards.

Full Database and Logs

We include all of the raw data from our IT security scans so that your team can perform their own deep analysis.

What is HIPAA Compliance?

HIPAA compliance refers to conforming to the provisions of the Health Insurance Portability and Accountability Act Security Rule. This legislation requires organizations that store, process, or send personal health information (PHI/ePHI) to ensure the safety of all protected personal data in their possession or that can be accessed by their Business Associates.

Compliance is tricky and very complex. It means complying with ambiguous language and terms like “addressable,” which sounds optional but is mandatory. For that reason, we employ a team of experienced auditors and security consultants to produce a HIPAA Compliance Assessment report and a detailed Opinion report. These reports map out your adherence to the HIPAA Security Rule, show to what level you comply, and suggest how to achieve complete compliance (remediation). We also find the likelihood of compromise your organization faces should you choose to accept the risk of lower compliance.

Being HIPAA compliant does not mean you automatically comply with Texas HB 300 (Texas Medical Privacy Law) or California Medical Privacy Laws. Further, simple compliance comes nowhere near meeting Florida’s FIPA Privacy Law guidelines. HIPAA compliance becomes more complex and more costly if you fail to meet compliance requirements.

Audit Deliverables

Full Audit Details

We can provide you a road map to full regulatory compliance.
