HIPAA Gap Assessment

Reviewing your HIPAA efforts to help ensure you meet all requirements

From health care providers to benefits administrators and various service providers, HIPAA mandates that organizations implement controls and processes to secure hard copy and electronic protected health information (PHI). Audits by the Department of Health and Human Services’ Office for Civil Rights (OCR) can be time-consuming and can often result in expensive settlements, which have increased post-omnibus final rule (Sept. 2013).

RSM has an extensive understanding of the complexity of HIPAA compliance, and can develop a comprehensive HIPAA gap assessment specific to your unique challenges. Our team provides you with an overview of your major areas of concern, and steps to address any areas of weakness. Ultimately, RSM’s HIPAA gap assessment gives you a high-level view of areas to improve ahead of an audit, helping ensure that you remain compliant.

During our HIPAA gap assessment, our team examines your administrative, physical and technical safeguards, as well as your policy, procedural and privacy requirements. RSM’s HIPAA gap assessment will identify areas of noncompliance, reducing the cost, confusion and complexity of HIPAA compliance. In addition, we help your organization avoid damages that could result from compromised PHI or electronic PHI (ePHI) which can total millions of dollars.

RSM’s goal is to provide a strategy for your organization to effectively protect ePHI and PHI, and achieve full HIPAA compliance during a formal audit. While we do not perform these audits, our experience working with many HIPAA covered entities provides a blueprint for our HIPAA gap assessment. It enables us to provide best practices for your company to achieve compliance and make a formal audit much less of a concern.

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.


Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.

Learn more