Choosing the Right SOC 2 Path for Your Organization

At a high level, the difference between a SOC 2 Type I and Type II comes down to control design vs. operating effectiveness. A Type I report is a point-in-time snapshot, showing
FHIR Interoperability Expectations Are Escalating

Future Market Insights (March 2026) valued the global HL7 FHIR compliance market at $2.3B, with projections reaching $8.6B by 2036 (12.7% CAGR). The analysis named Epic, Oracle Health, Microsoft, and
The Importance of Impartial Remediation Support

You completed a security assessment. The findings report was shared. Your assessor identified vulnerabilities, ranked them by severity, and has given you a prioritized list of what needs to be
Six Questions to Ask a Penetration Testing Vendor

Not long ago, most organizations outside of financial services and healthcare could treat penetration testing as optional. That has changed. The forces pushing organizations toward pen testing in 2026 are
Traditional QA Is Reaching Its Limits in FHIR Ecosystem Testing

The strategic case for continuous FHIR validation is well established, but the technical case for how to execute it is not. Health IT organizations understand that point-in-time certification was never
From Third-Party Integration to Native EPCS Certification

When your team first integrated a third-party e-prescribing module, the decision made sense. You had an EHR to build, a market window to hit, and a DEA compliance requirement that
Security Controls Don’t Migrate Themselves

What Is NIST 800-53 and Why Are Financial Institutions Using It?

NIST Special Publication 800-53 is a catalog of security and privacy controls published by the National Institute of Standards
Preparing for Certification with Drummond

For many health IT developers, ONC certification is a major milestone, confirming that a product meets federal Health IT Certification Program requirements. What often surprises teams is how structured the
Your Vulnerability Scans Are Leaving Gaps

Vulnerability scanning is not optional for regulated organizations. PCI DSS requires regular scanning outright, and HIPAA and SOC 2 assessors expect it as baseline evidence of ongoing risk management. The real question is whether