Meditology specializes in HIPAA Security & Privacy, HITRUST, NIST, and GDPR Risk Assessments & Remediation.

We serve as HIPAA expert witnesses for OCR and align our products to address expectations of regulators, including OCR and CMS. Our team has a proven track record of building security and privacy programs that reduce risk and address regulatory compliance mandates.

Meditology can assist you with OCR Audit Readiness. We have worked with clients under OCR investigation and are very knowledgeable about HIPAA compliance and the OCR audit process.



  • Ranked #1 Best in KLAS for Cybersecurity Advisory Services in 2019 and 2020
  • HIPAA expert witness firm for OCR
  • Experienced CISOs and Privacy Officers
  • Dedicated to healthcare
  • Hundreds of clients coast to coast
  • Advisors to ONC / HHS

We chose Meditology mainly for their demonstrated knowledge and understanding of HIPAA, ARRA/HITECH and established security standards.

They were unfailingly professional throughout the information gathering and data gathering processes, kept to their timeline and verified the results that they found. The reports produced were accurate and easy to understand, with appropriate benchmarking to other health care organizations and the security industry as a whole. Most importantly, they provided concrete and achievable suggestions to help mitigate the risks identified.

Barbara Anson
CISO, Baptist Memorial Health Care Corporation of Memphis, TN

Meditology was nothing but professional from start to finish for the project with McLaren.

We outsource our IT services and they worked closely with us, and the vendor, to collect required documentation; they accepted input from both sides and explained their conclusions once findings were verified. The team's project timelines, status reports, and weekly follow-up calls kept us all on track for a timely completion. Meditology addressed the significant risk areas in a straightforward manner without making respondents feel defensive, and they freely offered information about industry best practice. The team has definitely won the confidence of our Executive group and we expect we will be asking Meditology for more work in the future.

Denise Dach
Corporate Director of Compliance, McLaren Health Care

It was vitally important that I had a complete sense of confidence in Meditology’s ability to successfully deliver this project without impacting clinical care.

As I learned more about Meditology’s deep technical skills and multiple prior experiences working in healthcare environments similar in size and complexity to Grady, my sense of confidence in Meditology grew. The project was delivered on time and on budget, and exceeded my expectations based on the thoroughness and care of the approach, and the quality of the reporting. Meditology was able to achieve each of the engagement objectives, and their report provided a comprehensive picture of Grady’s security posture. I plan to work with Meditology in the future and look forward to similar success.

Michael Francis
Executive Director, Infrastructure Services & ISSO, Grady Health System, Georgia

Dartmouth-Hitchcock has partnered with Meditology Services since 2012.

Over that period of time, they have helped with multiple projects, both large and small, repeatedly delivering as promised. We have come to trust their insights regarding regulatory issues and their vast experience of the healthcare industry when developing security policies, strategies and budgets. We regularly use their ethical hacking skills to test the effectiveness of our security program. In summary, they have earned our trust and become an integral part of our security toolset.

Peter Merrill
Director of Information Systems, Dartmouth-Hitchcock Medical Center

We engaged Meditology to assist us with Security Risk Assessment services on two different occasions.

They were highly knowledgeable and extremely professional throughout the duration of each project, and the quality of the final deliverables they provided was exceptional. Meditology’s healthcare focus and core competency of Information Security and Privacy were indispensable to the engagement. Their deep knowledge of the HIPAA and HITECH regulations, as well as the Common Security Framework and supplemented by industry operational experience of their team members, added huge value to the assessment. Meditology was able to address significant risk areas in a straightforward manner and was able to provide practical examples and insight on how to go about correcting issues. We will definitely call upon Meditology again when the need arises.

Martin Littmann
Chief Technology Officer & CISO, Kelsey-Seybold Clinic