Why Us?

We know the law and we know the web.

We help companies safely and securely do business on the web.

HIPAA Compliance Review & Remediation

Packaged Services

Our H2 Compliance Review & Remediation service offering assists covered entities and business associates in standing up and/or modifying their HIPAA compliance initiative in order to conform to the transformational requirements of the HITECH Act. We tailor our H2 Compliance Scorecard methodology, developed in conjunction with the HIPAA Survival Guide, to assess, train, and re-mediate based upon requirements specific to your organization and business function. This comprehensive service offering considers all three legs of the HIPAA compliance stool contained within the HITECH Act: 1) the HIPAA Privacy Rule; 2) the HIPAA Security Rule; 3) the Breach Notification Rule.


First, we help organizations of all sizes develop a vision of their compliance initiative, and a governance model that underpins it, in order to set the organization on the path to establishing a culture of compliance.

All industry stakeholders, including the Office of Civil Rights, have clearly recognized that in the 24/7 365 real-time electronic world that the healthcare industry now operates in, policies alone are simply not an effective strategy for "reasonably and appropriately" protecting patient data. Further, compliance is simply not a one time event but rather a set of policies, processes and tracking mechanisms that must be revisited over time in order to ensure that industry best practices are implemented and maintained.

Our H² Compliance Scorecard methodology quickly delivers traction to your compliance initiative as outlined below.

Policies + Processes + Tracking = Visible Demonstrable Evidence = Culture of Compliance.


What is covered?

Our service is summarized below under various categories. We believe that our combination of deliverables, provided at compelling price point, remains unequaled by our competitors.

Compliance Initiative: Vision, Strategy, and Governance

  • Guidance with respect to how your compliance initiative (covering all three legs of the compliance stool) should be structured, launched and maintained overtime.
  • Identification of your organization's strategic risks (legal and reputational) and compliance gaps, as well as providing the remediation steps required to address them.
  • Ongoing counsel to ensure that your compliance initiative is maintained in conformance with new laws and an evolving regulatory landscape.

Education and Awareness

  • Overview training for your entire workforce on Privacy, Security and Breach Notification Rules.
  • Specialized training for members of your workforce responsible for specific processes.
  • Suitable quizzes by content area to ensure that workforce members assimilate the key learning objectives.
  • Development of organization-wide awareness processes to ensure that privacy and security remain front and center operational concerns.

Visible Demonstrable Evidence

  • Development of required policies and the organizational processes required to underpin them.
  • Recommendations regarding appropriate tracking mechanisms necessary to capture compliance process results.
  • Review of business associate contracts with recommendations for conformance to the HITECH Act. 
  • Recommendations regarding commercial-off-the-shelf ("COTS") products that may be mission critical to your compliance initiative.
  • Collaboration with HIT staff and/or consultants to ensure that technical issues with legal implications are appropriately addressed.

What does it cost?

The cost generally has three components: 1) a fixed fee price once we agree on the scope; 2) a variable number of hours of ongoing consultation depending on your requirements; and 3) usual and customary business expenses (e.g. travel and lodging) as required.

Our fixed fee leverages our existing methodology and reusable templates and therefore represents a compelling price point for organizations of all sizes. Further, our ongoing consultation fees are provided at hourly rates significantly discounted from market rates.

How do we get started?

Getting started is painless. Once we mutually agree as to the scope of the effort, both parties sign an engagement letter that summarizes the statement of work and we conduct a kickoff session with stakeholders to review the plan for moving forward. Deliverables are reviewed weekly to ensure that both parties remain focused and on-track.

Contact us today