Information Risk Management & Compliance

Helping you design success!


The professionals from the IRMC Group specialize in assisting organizations in reducing operational and information risks.  Our firm provides experienced specialists in audit, operational risk management and information security protection. We have over 35 years of risk management experience including 25 years of professional technology risk consulting and project management experience.

We have assisted Health Care Providers, Law Firms, Insurance, Pharmaceutical and Medical Device Companies, including several Fortune 1000 companies. Our healthcare management experience spans clinical systems, data networks, privacy and security services, disaster recovery development, disaster recovery auditing, risk analysis, compliance assessments and IT general controls auditing. We have conducted over 300 IT implementation, risk assessment and/or IT audit-related projects within the health care industry.

Comprehensive Solutions for HIPAA Compliance

 Privacy and Security Risk Management 

  • HIPAA and HITECH Compliance Assessments (Applications, Technologies, Medical Devices and electronic processes)
  • Governance and Ongoing Administration
  • Risk Analysis
  • Risk Mitigation Strategy and Ongoing Analysis
  • Policy Development and Implementation
  • OCR Readiness


Epic Security

 Security Assessments

  1. Compliance
  2. Risk Identification

Infrastructure Review 

  1. Technical Design - Performance & Growth
  2. High Availability – Identify Single Points of Failure


Operational Risk Management

 Risk Assessment and Process Improvement

  • Vendor Risk Management Tools and Processes – Third Party Trust
  • Inventorying and Categorizing (amount and sensitivity of the data)
  • Improve processes for Risk Reduction
  • Ongoing Monitoring


GRC Program Development - Selection and Tool Implementation

  • Assessment
  • Guidance
  • Program Structure


We improve performance while reducing risks!

We assist in the following areas:

Compliance Assessments (Security and Privacy), Information Risk Analysis (Applications, Networks, Workstations, Printers and Mobile Devices), Medical Device Risk Analysis – Program Development for Clinical Engineering, Risk Assessments for Patient Safety and Data Privacy, Data Criticality Analysis, Policy and Procedure Development, Remediation Assistance, Security Program Development, Ongoing Compliance Strategies and Planning, Security Governance Programs, Acquisition Due Diligence – Security Compliance and Integration, Project Management services for new IT implementations – Aligning technologies with operational needs, application implementation planning, Risk Remediation Planning and Implementation, Access Provisioning – Security Design, Data Criticality Analysis and Disaster Recovery Planning, Security Program Development and Ongoing Governance, Ongoing Compliance Strategies and Planning and Data Flow Documentation.

We Help Your Company Meet The Standards

We utilize HIPAA, HITECH Act, NIST 800-53, NIST Cybersecurity Standards and Methodologies and Audit Standards.
