Health Care Providers, Health Plans, Business Associates
and Third Party Administrators

HIPAA Compliance Program Review

We can work independently on behalf of senior management or collaboratively with compliance officials and legal counsel. The scope of our review and a fee for our services is determined in advance.

Select Topics

We provide consulting services from our office on any HIPAA compliance topic, topics or questions that of concern to an organization.

Document Review

We review an organization’s HIPAA compliance policies, procedures, forms and related documentation from our office. During our review we reach out to compliance staff for clarification as necessary and welcome input. Then we report our findings with suggestions to correct any deficiencies.

Audit Protocol Review

This is a very detailed review applying all OCR HIPAA Audit Protocols to evaluate your HIPAA compliance documentation. Like OCR desk audits it does not require a site visit. We report our findings related to each Audit Protocol and make suggestions to correct any deficiencies.

Overall HIPAA Compliance Review

We review all available HIPAA compliance documentation in advance and make a site visit to inspect safeguards, conduct random interviews and confer with compliance staff and management. We conclude with a written report of our findings.

Board and Senior Management

We will meet with senior management, appropriate board members and legal counsel to review and assist them with understanding their HIPAA compliance responsibilities. In advance we will review the organization’s HIPAA compliance documents, its website and social media websites and provide a briefing paper with notable findings and bullet points outlining leadership responsibilities for the organization’s HIPAA compliance program.

Risk Analysis – Risk Management

We guide organizations through HIPAA Risk Analysis and Risk Management or perform it on their behalf. We created an interactive computer-based Risk Analysis – Risk Management program that follows the exact process developed by the National Institute of Standards and Technology (NIST) recommended by OCR to perform this site specific task. Risk Analysis – Risk Management is not only the basis for an organization’s HIPAA compliance program, documentation of Risk Analysis – Risk Management is the first thing OCR requests during an investigation.


We assist HIPAA compliance officials in creating effective HIPAA compliance workforce training. We also create and produce special training targeted specifically on HIPAA compliance requirements for a specific position. Click here to see an example of our HIPAA compliance training for EMS providers.