HIPAA Gap Analysis | Secure Application | Cyber Security Services

HIPAA Gap Analysis


The Health Insurance Portability and Accountability Act (HIPAA) requires any business that handles electronic patient health information (EPHI) to take reasonable steps to ensure that this information remains secure. HIPAA covered entities know that they need to become and remain compliant but are often overwhelmed by the dense legalese in the law and wonder if the costs of becoming compliant will be prohibitive. Legislation such as the Health Information Technology for Economic and Clinical Health Act (HITECH) has increased the visibility of the HIPAA rules and added heightened requirements surrounding breach notification. The principal goal of the gap analysis is to evaluate the current state of information security practices against the requirements of HIPAA and HITECH. This is an important requirement, but a lack of internal resources and expertise often stops healthcare organizations from conducting an analysis, leaving them open to costly breaches and potentially significant fines.


Secure Application performs a gap analysis that maps the HIPAA security and privacy rules to your organization's specific environment to identify gaps that exist in the security infrastructure. An integral postsurvey consultation helps determine a priority list for the recommended remedial actions. This compliance trail assures you that your environment is secure, and accompanying documentation demonstrates how the organization was evaluated and the steps that were taken to secure it.

  • Helps ensure that the organization is safeguarding information based on the requirements outlined in HIPAA
  • Provides documentation with the information required so that you can demonstrate due diligence to a potential HIPAA inspector
  • Protects the organization from negative publicity resulting from an EPHI breach
  • Aligns the organization with breach notification requirements outlined in HITECH
  • Combines preassessment gap analysis, remediation design and implementation services into a single, end-to-end compliance solution

Secure Application's comprehensive HIPAA Gap Analysis service provides a thorough gap analysis tailored to an organization's specific operating environment. This gap analysis, along with a postsurvey consultation, creates the structure required to ensure a documented compliance trail.
Services include:

  • Onsite consulting to explore both the privacy and security rules of HIPAA as they apply to the organization
  • Evaluation of adherence to HITECH requirements
  • Complete HIPAA walkthrough and guidance through the point at which compliance is achieved
  • Preassessment gap analysis (to industry standards), remediation design and implementation services
  • Review of policies, procedures, standards and information security requirements
  • A comprehensive review of risks and vulnerabilities
  • Thorough documentation and reporting