HIPAA Compliance Assessment

Maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) is more important than ever.

The provisions affecting covered entities and business associates are wide-ranging, and penalties, and the associated organizational costs, for noncompliance with HIPAA requirements can quickly escalate to millions of dollars. Media reports of security and privacy breaches can also be devastating—undermining the trust of your patients, employees, vendors and business associates. This is why monitoring your HIPAA compliance through assessments is so critical.

Additionally, information security protections and HIPAA compliance are required for participation in various federal and state payment or care improvement programs.

Whether you’re applying for federal or state funds, concerned about the effectiveness of your HIPAA compliance program, or looking for assistance to complete your technical and non-technical periodic reviews, RSM has the experience and methodologies to assist your organization.

Questions to ask about HIPAA compliance

With so much riding on your HIPAA compliance program, it’s imperative to ask some questions when considering if an assessment is needed. These include:

  • Are you certain your HIPAA compliance program can withstand regulatory scrutiny including a Health and Human Resources Office of Civil Rights (OCR) audit?
  • If you're pursuing state or federal funds, are your program and its associated implementation projects progressing as expected?
  • Was your most recent HIPAA assessment conducted in the last year?
  • Did your HIPAA assessment cover both security and privacy?
  • Have you completed an assessment to address all elements of the security and privacy rules, for all locations and operations?

Are you on the right track or do you need to change course?

Regulatory compliance is challenging for most organizations. Whether you're short of staff or simply don't have the resources with the appropriate knowledge and experience, RSM can help you develop the policies, procedures and processes you need to achieve and maintain HIPAA compliance.

Often, clients tell us they simply want to know what they don't know. If that sounds familiar, an RSM HIPAA readiness review or compliance assessment will give you a clear indication of how compliant you are now, along with the specific actions required to change course.

RSM consultants assist organizations with the following HIPAA compliance-related services:

  • Readiness review — We determine how ready your organization is to comply with existing regulations, including reviewing documentation, interviewing selected managers and making general observations.
  • Compliance assessment — This review includes an in-depth review and analysis of policies, procedures and documentation; interviews with staff; and testing existing processes and controls.
  • Risk assessment — In compliance with the HIPAA security rule, we efficiently perform an accurate, thorough analysis, recording potential risks and vulnerabilities to the confidentiality, integrity and availability of protected health information and associated assets.
  • HIPAA gap assessment — Our team will develop an assessment specific to your unique HIPAA program and challenges. We provide an overview of any major concerns and outline steps to address any vulnerabilities or weaknesses.
  • Policy and procedure compliance assessment — We assist you in adding to or updating your HIPAA policies and procedures based on findings of a readiness review or compliance assessment. Our experienced consultants can also assist in developing and implementing these policies and procedures.
  • Security awareness training — Using industry best practices, we train your personnel on how to understand and implement your organization’s HIPAA-related security and privacy policies. Training is customized to the attendees' experience levels.

Deep health care industry experience and knowledge

When you need outside assistance, it's important to choose the right partner. RSM understands the issues you face and works with you to customize a compliance plan that fits your organization's structure and culture.

When it comes to compliance—come to RSM. Contact us about a HIPAA compliance assessment today.
