Meditology specializes in HIPAA Security & Privacy, HITRUST, NIST, and GDPR Risk Assessments & Remediation.

We serve as HIPAA expert witnesses for OCR and align our products to address expectations of regulators, including OCR and CMS. Our team has a proven track record of building security and privacy programs that reduce risk and address regulatory compliance mandates.

Meditology can assist you with OCR Audit Readiness. We have worked with clients under OCR investigation and are very knowledgeable about HIPAA compliance and the OCR audit process.



  • HIPAA expert witness firm for OCR
  • Experienced CISOs and Privacy Officers
  • Dedicated to healthcare
  • Hundreds of clients coast to coast
  • Advisors to ONC / HHS

Meditology is knowledgeable.

It’s helpful to have a conversation with someone who has worked in the field and understands the challenges we have. We have open lines of communication in our weekly HIPAA Privacy Risk Assessment meetings. They are very personable, very easy to work with, and they have teams of people who have done this before; Meditology has dedication to having a team of SMEs who understand.

Assistant Privacy Officer

Large Health System


Particularly valued working with Meditology because of the expertise that has been brought to the questions we have.

We are a different beast as a university. Most vendors put us in cookie cutter mold, but you took time to understand how we were different and couched the assessment. That was valuable – making the product fit our work environment.

Director of HIPAA Compliance

Public Research University in New York


A significant value already imparted is Meditology’s knowledge and experience in Information Security and Privacy Policy Development.

They took what we had, it was a lift, but they organized it first-off according to what standard P&P should be, the format, and what best practices are, and into a roadmap that follows industry best practices. I wasn’t telling them what it should be – they had it. As we have been going through and asking questions and for opinion, it’s been provided and immediately imparted based on their experience, calling it like it is with experience and knowledge.

Executive Operating Officer

Large Health Information Exchange in the South


Professional, no trick “gotcha” questions, collaborative approach, level of professionalism – I appreciate working with Meditology as an organization.

I have worked with them before. Good to hear from my team the Meditology experience compared to work with other assessment vendors, it speaks to the value.

Privacy Officer

Large Health System


We chose Meditology mainly for their demonstrated knowledge and understanding of HIPAA, ARRA/HITECH and established security standards.

They were unfailingly professional throughout the information gathering and data gathering processes, kept to their timeline and verified the results that they found. The reports produced were accurate and easy to understand, with appropriate benchmarking to other health care organizations and the security industry as a whole. Most importantly, they provided concrete and achievable suggestions to help mitigate the risks identified.

Barbara Anson

CISO, Baptist Memorial Health Care Corporation of Memphis, TN


Meditology was nothing but professional from start to finish for the project with McLaren.

We outsource our IT services and they worked closely with us, and the vendor, to collect required documentation; they accepted input from both sides and explained their conclusions once findings were verified. The team's project timelines, status reports, and weekly follow-up calls kept us all on track for a timely completion. Meditology addressed the significant risk areas in a straightforward manner without making respondents feel defensive, and they freely offered information about industry best practice. The team has definitely won the confidence of our Executive group and expect we will be asking Meditology for more work in the future.

Denise Dach

Corporate Director of Compliance, McLaren Health Care


It was vitally important that I had a complete sense of confidence in Meditology’s ability to successfully deliver this project without impacting clinical care.

As I learned more about Meditology’s deep technical skills and multiple prior experiences working in healthcare environments similar in size and complexity to Grady, my sense of confidence in Meditology grew. The project was delivered on-time and on-budget, and exceeded my expectations based on the thoroughness and care of the approach, and the quality of the reporting. Meditology was able to achieve each of the engagement objectives, and their report provided a comprehensive picture of Grady’s security posture. I plan to work with Meditology in the future and look forward to similar success.

Michael Francis

Executive Director, Infrastructure Services & ISSO, Grady Health System, Georgia


Dartmouth-Hitchcock has partnered with Meditology Services since 2012.

Over that period of time, they have helped with multiple projects, both large and small, repeatedly delivering as promised. We have come to trust their insights regarding regulatory issues and their vast experience of the healthcare industry when developing security policies, strategies and budgets. We regularly use their ethical hacking skills to test the effectiveness of our security program. In summary, they have earned our trust and become an integral part of our security toolset.

Peter Merrill

Director of Information Systems, Dartmouth-Hitchcock Medical Center


We engaged Meditology to assist us with Security Risk Assessment services on two different occasions.

They were highly knowledgeable and extremely professional throughout the duration of each project, and the quality of the final deliverables they provided was exceptional. Meditology’s healthcare focus and core competency of Information Security and Privacy were indispensable to the engagement. Their deep knowledge of the HIPAA and HITECH regulations, as well as the Common Security Framework and supplemented by industry operational experience of their team members, added huge value to the assessment. Meditology was able to address significant risk areas in a straightforward manner and was able to provide practical examples and insight on how to go about correcting issues. We will definitely call upon Meditology again when the need arises.

Martin Littmann

Chief Technology Officer & CISO, Kelsey-Seybold Clinic