HIPAA / HITECH Compliance Services

Assured SPC can help your organization meet HIPAA regulatory compliance standards and satisfy requests for HIPAA attestation. We are an independent third-party assessor and a recognized leader in healthcare security, privacy, and HIPAA compliance with over twenty years of experience and hundreds of completed HIPAA assessments.

Safeguard the privacy and security of Protected Health Information (PHI)

Our compliance and risk assessment services are based on the regulatory requirements of the HIPAA Privacy, Security, and Breach Notification Rules. These services represent the basic level of compliance for organizations that create, receive, maintain, or transmit protected health information (PHI). We provide a refined approach to data protection that satisfies industry regulations, with deep-dive technical capabilities that improve your security posture. We also help you deliver the highest level of data protection for your healthcare customers, which gives them a competitive differentiator and increases revenue.

Our services include:

    • HIPAA/HITECH security risk analysis and advisory – risk assessments are required by the HIPAA Security Rule and HITECH meaningful use attestation. These assessments are often overlooked or performed unsatisfactorily, as per HHS Office for Civil Rights (OCR) guidance. Our risk assessment approach is based upon the NIST 800-30 methodology and represents a comprehensive examination of vulnerabilities posed by today’s cyber threats and an analysis of your control maturity to determine the level of residual risk. Our HIPAA risk assessments have been successfully reviewed by OCR in several audits and breach investigations.
    • HIPAA Privacy Rule assessment – HIPAA privacy assessments ensure compliance with the HIPAA Privacy Rule. We assess your compliance posture through the design, implementation, and effectiveness of controls. For areas where gaps or deficiencies are noted, we provide detailed recommendations to assist with remediation efforts.
    • HIPAA Security Rule gap and compliance assessments – our gap assessment service is designed to highlight areas of non-compliance and heightened risk. If you’re looking to satisfy an audit or facing potential investigation by OCR, you will benefit from these compliance assessments that include detailed testing to ensure satisfactory safeguards have been defined, implemented, and are operating effectively. Assessments are linked to the requirements of the HIPAA Security and Breach Notification Rules and are based on our tested approach that leverages the OCR audit protocol, industry frameworks (e.g., NIST 800-53), and personal experiences working with the OCR.
    • Custom training, workshops, and advisory services – we understand that each organization faces unique challenges, so we have healthcare experts on hand to assist with all HIPAA-related needs.


    Download the Assured SPC HIPAA Privacy and Security Documentation Requirements for Business Associates

Why choose Assured SPC for your HIPAA needs?

  • We assess all types of technology offerings in the care continuum – from medical devices and software to population health, revenue cycle management, and telemedicine solutions. Our process provides a holistic view of security to achieve optimal, value-based patient outcomes.

  • Our experience working with the Department of Health and Human Services, Office for Civil Rights (OCR) and Centers for Medicare and Medicaid Services (CMS) allows us to apply best practices in regulated compliance to healthcare organizations.

  • As a HITRUST CSF external assessor firm, we’re able to bring a more prescriptive approach to HIPAA engagements.

  • Our assessors specialize in healthcare services, are HITRUST Certified Common Security Framework Practitioners (CCSFP), and maintain multiple security-related certifications.

Our Services

MANAGE - Virtual Chief Information Security Officer services

Contact us when you need a holistic but reasonable security program that addresses risk to the business, not just technical controls. Click here for our virtual CISO services.

ASSESS - Privacy and Security program assessments

Contact us to understand the privacy and information risk posture of your organization. We translate information security into business terms.

DO - Implement and Operate your CCPA Privacy program

With our expertise in IT leadership, security, and privacy, we can help you operationalize the California Consumer Privacy Act, reduce the cost of implementation and operation, and implement “reasonable security”. Check out our Operationalize CCPA Service.

PREPARE - SOC 2 Readiness Management

We help organizations prepare for HIPAA, SOC 2, HITRUST, and ISO 27001 audits and implement procedures and record keeping to maintain certification.

TEST - Security Testing and Remediation

We deliver penetration and vulnerability tests and help remediate issues.