Health Insurance Portability and Accountability Act (HIPAA) Compliance Assessment

Safeguarding the Security of Health Data

The Health Insurance Portability and Accountability (HIPAA) requires firms to regulate the security and privacy of health data by providing administrative, physical, and technical safeguards. We use our HIPAA | HITECH Regulatory Compliance Assessment to identify any areas in which your organization is not complying with these laws, and to detail precise methods for becoming compliant.

The Sage Methodology

We accomplish our assessment by first performing data extraction, looking at any previous assessments. We review all your HIPAA-related documentation, including policies, procedures, training, and contracts, and conduct staff interviews relating to HIPAA practices. We then perform a compliance analysis, and develop a report containing remediation recommendations, if applicable, and an action plan in order to achieve HIPAA compliance.

Reports and Recommendations

Once our assessment is complete you will receive a HIPAA | HITECH Compliance Report, which contains:

  • HIPAA Regulatory Compliance Dashboard - a graphical snapshot of your compliance overall, and compliance per category.
  • HIPAA Regulatory Compliance Matrix – documenting the compliance status for each standard and implementation specification.
  • Synopsis of HIPAA Regulatory Compliance Issues and Remediation Recommendations, organized by security rule category.  This synopsis describes compliance findings and presents remediation recommendations.
  • Synopsis of HIPAA Regulatory Compliance Enhancement Recommendations - presents recommendations for further enhancing protections in areas that have been found to be compliant, but not optimal.
  • Standards and Implementation Specification Detail - organized by security rule category. This section includes specification descriptions, assessment findings, compliance status, compliance and/or enhancement recommendations, and supporting document and evidence.


The Sage Cybersecurity Lifecycle

The Sage Data Security Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.

Learn More