HIPAA Consulting and Audits

Any organization that is a Covered Entity or Business Associate under HIPAA regulations MUST complete an annual security risk assessment, then maintain a supporting risk management plan for a potential HHS/OCR audit.


  • Knowing a facility’s HIPAA compliance for administrative, physical and technical aspects
  • Knowing the security of your network, data and devices
  • Avoiding the steep fines associated with non-compliance
  • Establishing and maintaining the image of a well-run, compliant facility

If a facility uses tablets and smartphones for electronic patient information, our optional software and Mobile Device Management Assessment can identify and recommend best practices.

Meaningful Use and Merit-Based Incentive Payment System (MIPS)

In 2009, the Federal Government passed the HIPAA HITECH Act. A core objective of HITECH was to drive adoption and “meaningful use” of electronic health record systems. Ultimately, the feds sought the efficiencies and health benefits of automating the processing of medical records.

Almost anyone who is not operating as a hospital is considered an eligible professional (EP). Starting in 2011, EPs could receive incentive money for the early adoption of EHR systems. Those same EPs could receive additional incentives by progressing to more advanced stages of EHR implementation. As of October 1, 2017, all EPs must attest that they have completed at least the first stage and implemented an EHR system. EPs who fail to show Stage 1 MU will have up to 6% of their Medicare/Medicaid reimbursements withheld.

Within the core elements for attestation at each stage is the requirement that the EP has completed a HIPAA Security Risk Assessment (SRA) pursuant to the HIPAA Security CFR. Completing a Security Risk Assessment is essential to ensuring your medical practice is compliant with the Meaningful Use regulations.