HIPAA Compliance Support
Do you have HIPAA compliance questions?
Get your FREE HIPAA CONSULTATION with a Drummond expert and get answers.
Build Market Trust with Impartial HIPAA Gap Assessment
HIPAA Compliance is a requirement for healthcare providers, payers, pharmacies, and their business partners. While the mandate does not require the use of 3rd party accredited certification and testing bodies, self-attestation can be a double-edged sword. The market lacks confidence in internal promises of compliance—especially when even well-intentioned internal assessments can be marred by presumptions, lack of compliance expertise, or technical blind spots.
Drummond is a trusted and impartial assessor backed by over 25 years of experience in Health IT validation and certification. Our HIPAA Gap Assessment services help you stand out as a trustworthy data guardian.
Our HIPAA Compliance services include:
Identifying Gaps Is the First Step to Compliance
Stake the first step in proving your HIPAA compliance with an expert-led Gap Assessment. We thoroughly review your security controls, identify gaps, and provide actionable recommendations. Drummond’s HIPAA GAP Assessment process involves a structured approach to evaluating your current compliance status against requirements.
This methodology includes:
Pre-engagement Activity
Before the assessment begins, our project manager conducts a kickoff teleconference with your primary point of contact (POC) to discuss the assessment process. This includes reviewing business drivers, expectations, limitations, assessment scope, start and end dates, and estimated report delivery.
Assessment Methodology
Our HIPAA assessment covers:
- 164.308 Administrative Safeguards
- 164.310 Physical Safeguards
- 164.312 Technical Safeguards
- 164.314 Organizational Requirements
- 164.316 Policies and Procedures
We analyze the information collected to determine your compliance levels against previous assessments (if available). Our team works with your appointed primary POC to define the assessment start date and project milestones, ensuring all relevant documentation is gathered, and interviews are scheduled.
Documentation Review
We will review your organization’s policies, procedures, and supporting documentation, considering industry best practices and applicable regulations. Commonly reviewed documents include:
- Network and data flow diagrams
- Risk management policy
- Information security policy
- Privacy policy
- Configuration standards
- Software development lifecycle (SDLC) standards
- Incident response plan
- Business continuity plan
- Disaster recovery plan
- Third-party risk management policy
- Security awareness documentation
- Cryptographic key management procedures
Interviews and Observations
Our assessors conduct interviews with your key personnel to gather information on:
- Access controls
- Logging and monitoring
- Software development
- Security responsibility
- Existing security processes
- Job function
- Disaster recovery plans
- Incident response plans
- Previous security incidents
- Network architecture
- Technical issues
- Security awareness
The information collection will involve interviews with key personnel, focusing on access controls, logging and monitoring, software development, security responsibilities, existing security processes, and incident response plans.
Deliverable—Assessment Findings Report
Upon completing the assessment, we will analyze the collected information and compile a report detailing our findings and recommendations. Our thorough Quality Assurance (QA) process ensures the report’s accuracy and consistency. The final deliverable will be sent to the client, who will have ten (10) business days to review and request any necessary modifications.
Resources
- Blog
ONC Certification is Not HIPAA Compliance: Why You Need Both
- Blog
How HIPAA Compliance Helps Startups Build Trust and Grow
- Special Offers
Special Start-up Program — HIPAA or PCI
- Special Offers
Special Offer — HIPAA Compliance Audit
- Insights & Guidance
HIPAA Checklist
- Blog
The Value of Drummond’s Comprehensive Healthcare Risk Assessment
- Blog
The Importance of Demanding Data Governance Transparency from Your Software Vendors
- Blog
The Essential Role of the HIPAA Privacy Officer
- Blog
The Critical Role of Proactive Threat Identification in Healthcare Security
- Blog
How to Avoid Costly HIPAA Violations and Protect Patient Data
Our Methodology Is Your Key to HIPAA Compliance Excellence
With a dedicated Drummond expert guiding your assessment process, live interviews with various stakeholders, and the unique flexibility to resubmit compliance evidence, you and your customers can have confidence in your HIPAA compliance.
Upon successful completion, you’ll earn the coveted Drummond Validated badge and a compelling letter of assurance to confidently share with your discerning customers and valued business associates.
Unique Compliance Challenges Require Tailored Support
If a full HIPAA GAP Assessment is not needed or desired, Drummond can support your compliance efforts with the following services:
Policy & Procedure Review
A comprehensive review of your FTC Safeguards compliance policies and procedures to identify gaps and weaknesses and recommend best practices.
Custom Engagements
Drummond’s team of compliance experts can supplement your internal expertise or resources, offering tailored support to meet your specific needs.
Small Practice Risk Assessment
Small practices, with limited resources, can find security gaps in HIPAA compliance. We identify vulnerabilities and recommend control implementations, ensuring the safety of protected health information (PHI).
Comprehensive Healthcare Risk Assessment
The Drummond Comprehensive Healthcare Risk Assessment (CHRA) provides an effective way to evaluate and determine compliance with HIPAA, assess how technology and operational risks are managed and controlled, and evaluate overall risk exposure to the organization and its customers. It compiles and clarifies information related to prevention and control technologies, practices, and their associated effectiveness.
This assessment summarizes existing controls and provides recommendations for remediating any deficiencies. Drummond encourages complementing your CHRA with our technical services to ensure all risks are identified.
Why choose Drummond?
Stronger Together
Our industry-experienced healthcare compliance team will give you an objective view of potential risks and vulnerabilities to patient information, and we will ensure that your security, privacy, and compliance goals align with business goals and ultimately mitigate risk.
Top HIPAA Assessor
We have performed 200+ assessments, which makes us a top performer in the industry. Our experience lessens the time and money you must expend for certification.Proven Methodology
We advance the pre-assessment phase and evidence collection process with our proven automation and engagement methodology to get your organization HIPAA/HITECH Certified in a timely manner.
Don’t Wait—Prioritize the Integrity of Your HIPAA Compliance Now!
Ready to get started?
Fill in this form and a Drummond representative will contact you.