HIPAA Compliance

Whether you’re a covered entity (CE) or a business associate (BA), the US Department of Health and Human Services means business! Non-compliance can damage your reputation and bring heavy fines, usually with third-party oversight for several years to ensure conformance improves. The specifics of the Code of Federal Regulations, Title 45 (Public Welfare) demand strict adherence across several rules:

  • Privacy Rule

  • Security Rule

  • Breach Notification Rule

  • Enforcement and Sanctions

  • Omnibus Rule of 2013

  • GINA


ALLENDEVAUX helps organizations understand the scope of practice each rule demands, including access authorization, termination procedures, protection against malicious software, emergency access procedures, transmission integrity controls, and many others. Where applicable, HIPAA requirements can also be integrated into an ISMS and mapped to an existing framework such as ISO/IEC 27001.

How We Can Help


ALLENDEVAUX provides several scopes to ensure HIPAA compliance. Some of these include the following:

  • HIPAA Gap Analysis – Measuring an organization’s current practices against HIPAA requirements and enumerating the gaps that must be addressed to pass a compliance audit. This practice is also useful for an organization that wants to map HIPAA onto an enterprise compliance framework such as ISO/IEC 27001.

  • HIPAA Risk Assessment – Hosting a risk workshop to interview key stakeholders, identify asset owners for ePHI and update the asset inventory, identify or establish a compliance board for governance, and identify risks and the quantitative measures used in risk calculations, leading to a risk treatment plan. This scope can also include the HIPAA gap analysis noted above. The assessment may also involve a cybersecurity assessment to validate internal and external hardening. The output of the cybersecurity audit identifies vulnerabilities so that weaknesses can be addressed; it also demonstrates due care and due diligence should a breach ever occur.

  • HIPAA Audit – An onsite auditor reviews the administrative processes, technical controls, and physical security practices of an organization, along with evidence of practice, to produce an attestation of compliance or non-compliance.



Get Connected

US East: +1 513 401 7107

US West: +1 213 279 1055

UK: +44 2038 802 321

CH: +41 44 585 91 15

35 Rockridge, Englewood OH 45322


Copyright (c) 2019 by Allendevaux & Company LLC.  

All rights reserved.