Ensuring legislative compliance is fundamental to the long-term viability of your healthcare business. Because of the importance of compliance, it is essential that you choose an IT partner that understands the intricacies of HIPAA.

But understanding what the law says about HIPAA compliance is only the start. Your IT partner must also know how to properly assess the current state of your IT and know how to develop and implement a strategy to get you to where you need to be.

It all begins with a comprehensive audit of your current IT systems.

After you have made the informed choice to partner with {company}, we will do an on-site interview with your Privacy & Security Compliance Officer and perform a facility walkthrough and inspection – looking to ensure that appropriate safeguards for storing and accessing PHI/PII are in place.

Following this, we will dive a little deeper to analyze the compliance status of your workstations, servers, and network.

Part of the analysis that we undertake in this process is surveying your systems for risk and vulnerability. This Comprehensive Risk Analysis utilizes NIST Methodology and covers Administrative, Physical, and Technical Safeguards under 45 C.F.R. § 164.308(a)(1)(ii)(A). Because HIPAA is an extensive piece of legislation, the parts of an audit are, by necessity, extensive. Here is a list of the areas that we routinely review within this process.

  • Policies & Procedures Review – to ensure current status. Custom templates are provided for any missing Policies
  • Employee Attestation Review – to ensure all employees with access to PHI have attested to your Policies & Procedures
  • Employee Training Review – to ensure all employees with access to PHI have been trained on HIPAA compliance
  • Business Associate Management Review – to ensure you have a BAA with all covered entities and vendors handling PHI
  • Workforce Policy Review
  • Media Disposal Policy Review
  • BYOD Policy Review
  • Incident Management Review
  • Disaster Recovery Plan Review
  • Emergency Operations Plan Review


Our Vulnerability Assessment is central and essential to this process. An external vulnerability scan is performed to look for holes in the network, and an internal vulnerability scan can be performed upon request. Once we have completed this exhaustive HIPAA Compliance Audit, we will provide you with an Evidence of HIPAA Compliance Report Package which includes:

  • Site Survey Response Form
  • User Identification Worksheet
  • Computer Identification Worksheet
  • Network Share Identification Worksheet
  • Login History Report
  • Network Share Permission Report
  • Drive Encryption Report
  • File Scan Report

At the conclusion of our HIPAA Compliance Audit, we will meet with your executive and internal IT management personnel to deliver the results of the audit, a Risk Management Plan, and Remediation Guidance.

Let’s get your healthcare business started down the road to full HIPAA compliance.

Contact us now at {phone} or {email}
