Our dedicated associates have significant experience in providing risk reduction and compliance services for the healthcare industry.  Our goal is to exceed clients expectations and deliver exceptional, value-driven service on every project.







Project Management – New Technology Implementations

  • Scoping and Planning
  • Day to Day Coordination and Communication
  • Information Gathering and Validation 
  • Developing and Confirming Timelines and Milestones
  • Reporting and Delivery

Disaster Recovery and Business Continuity

  • High Availability Assessments (Identifying Single Points of Failure Infrastructure Design)
  • Defining Recovery Time Objectives
  • Tier Level Ranking
  • Disaster Recovery Program Development
  • Recovery Procedure Documentation
  • Recovery Testing

GRC Program Development – Selection and Tool Implementation

  • Technical Solution Selection and Implementation
  • Road Map Development and Planning
  • Assessment
  • Guidance
  • Program Structure
  • Training

Epic Access Provisioning and Security Assessment

  • Access Provisioning Development and Implementation
  • Operational Security Controls Assessment
  • High Availability – Identify Single Points of Failure


Evaluating Information Risks, Monitoring & Reporting Capabilities

  • Conducting Privacy and Security Compliance and Strategies for meeting the requirements
  • Conducting Risk Analysis on assets that contain Sensitive Information, including: (Utilizing the National Institute of Standard Technology methodologies (NIST))
    – Applications
    – Networks
    – Medical Devices
    – Mobile Devices
    – IOT Devices
  • Conducting Network Penetration and Vulnerability Testing – Identifying weaknesses in both Hard-wired and Wireless Network
  • Testing for Intrusion Detection, Virus, Malware and Phishing – Monitoring and Blocking
  • Assessing for PCI Compliance and Readiness Assessments
  • Evaluating Third Party and Vendor Risks
  • HIPAA Compliance Assessments
  • OCR Readiness Assessments
  • Developing an ongoing risk reporting process, including Analysis Dashboards and Management Reports

Incident Response – Security Breach or Technical Failure

  • Developing Policies and Documentation
  • Defining Governance and Responsibilities
  • Determining Communication and Reporting Flows
  • Developing Risk Mitigation Strategies

Information Security Program – Co-Sourcing

  • Implementing an ongoing Risk Management Governance Program – GRC
  • Leading the day-to-day Security and Privacy Program – Handling Security and Privacy issues and events, Communicating program status
  • Developing the ongoing risk ranking and mitigation methodology and plans
  • Implementing security tools for monitoring and reducing risks
  • Conducting organizational Security and Privacy Awareness and Training
  • Developing an ongoing risk remediation program, process and reporting structure

Epic Security

  • Security Assessments
  • Account Provisioning
  • Compliance Assessment and Remediation Activities
  • Risk Identification
  • Infrastructure Review

Virtual CISO

  • Security Analysis
  • Policy Development
  • Security and Compliance Training
  • Executive Reporting

Vendor Risk Management

  • System and Process Implementation
  • Ongoing 3rd Party Risk Evaluation
  • Reporting

Audit & Compliance

Internal Audit Sourcing and Co-Sourcing

  • Operational, Compliance and IT Auditing.
  • Full or Partial Internal Audit Outsourcing
  • Enterprise-Wide Risk Assessments
  • Audit Assistance

Privacy and Security Risk Management

  • HIPAA and HITECH Compliance Assessments
    – Technologies
    – Medical Devices
    – Electronic processes
  • Governance and Ongoing Administration
  • Risk Analysis
  • Risk Mitigation Strategy and Ongoing Analysis
  • Policy Development and Implementation
  • OCR Readiness Assessments

Comprehensive 340B and Pharmacy Solutions

  • Mock HRSA audits
  • Annual Independent audits
  • Full program audits
  • Policy and procedures review
  • Program optimization
  • Split-billing software configuration
  • Program implementation

Third Party and Vendor Compliance

  • Risk Assessment and Process Improvement
  • Vendor Risk Management
  • Tools and Processes
  • Inventorying and Categorizing