What is the HIPAA Security Assessment?

The HIPAA Security Rule establishes national standards to protect individuals’ electronic protected health information (ePHI) that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information.

A HIPAA Security assessment checks your security program (administrative, physical, and technical security controls) against the Security Rule, measures the gaps in that program, and prioritizes security remediation activity for the covered entity.

Our HIPAA Security assessment covers the following safeguards:

  • §164.308 - Administrative Safeguards
  • §164.310 - Physical Safeguards
  • §164.312 - Technical Safeguards


Why would I want this?

If you are a covered entity or a business associate, you are required to conduct a risk analysis and periodically evaluate your security program. You are not required to hire a third party to perform this assessment, but there are many benefits to having an objective third party deliver it.

  • Gratia, Inc. can look at the security environment objectively and tell you what you need to know, without a hidden agenda
  • Gratia, Inc. is focused on IT compliance and security, so we strive to be the best at assessing security programs against regulations like HIPAA
  • We know how to do these assessments. You aren’t paying us to “figure it out”.


What makes Gratia, Inc. different?

Gratia, Inc. is not a checklist security company. There is a big difference between having an experienced security expert complete a HIPAA Security assessment and other methods, such as downloading a template.

Our clients realize a number of significant benefits. Examples include:

  • Gratia, Inc.’s Methodology – Gratia, Inc. has developed a proprietary approach to assessing HIPAA information security risks. It is more than a checklist of questions and recorded answers. Our approach gives you a full picture of your risks, prioritized and rated, so you know which security investments will have the greatest impact.
  • Full Transparency – Gratia, Inc. strongly believes in empowering our customers. The more knowledge transfer that occurs during our engagement, the more value our customers recognize. Gratia, Inc. fully discloses the methods, tools, and configurations used to perform analysis work for our customers, so that they can adopt our processes for their own future use.
  • Product Agnostic – Gratia, Inc. deliberately represents no third-party products or services. Our projects and recommendations stand on their own, with no ulterior motive to sell you things you don’t really need.


What are the deliverables I should expect?

We consistently get great feedback on our reporting style. Gratia, Inc. has spent years developing reports that communicate assessment results in clear, easy-to-digest ways that suit both technical and non-technical audiences. Typical deliverables from an information security assessment include:

  • Executive Summary Report
  • Full Report
  • Action Plan and/or Road Map


What does a HIPAA Security Rule audit cost?

The cost of a HIPAA Security Rule audit depends largely on the size and complexity of the environment. We take into account your organization’s size, complexity, industry, compliance requirements, and, most importantly, your actual needs. Because of our tailored approach, all you need to do is spend a few minutes on the phone with our team to make sure we are delivering exactly what you need and want.