Security & Privacy Policy and Procedure Development

Security & Privacy Policy and Procedure Development

Are your security and privacy policies and procedures complete and current?

Would they stand up to an OCR audit?

Are you confident that your policies are comprehensive and inclusive of security standards and regulations like HIPAA, NIST and HITRUST?

Meditology maintains a comprehensive set of healthcare-specific security and privacy policy and procedure templates aligned with the latest regulatory requirements. We customize this master set to align with your specific organization size and structure to support regulatory compliance and robust security controls that are appropriate for your unique business.

We have worked with hundreds of industry leading healthcare clients over a decade to review, assess, and develop security policies and procedures. Our policy and procedure development support services accelerate HITRUST CSF and SOC 2 certifications and reduces time and costs for your organization.


  • Ranked #1 Best in KLAS for Cybersecurity Advisory Services in 2019 and 2020
  • Dedicated to healthcare
  • HITRUST Certified Assessor Organization
  • Over a decade of policy and procedure development experience and examples for leading practices
  • NIST & FISMA policy development and compliance experts
  • HIPAA expert witness firm for OCR
  • Experienced CISOs and Privacy Officers that understand operational implementation of policies and procedures
Quote Icon

Dartmouth-Hitchcock has partnered with Meditology Services since 2012.

Over that period of time, they have helped with multiple projects, both large and small, repeatedly delivering as promised. We have come to trust their insights regarding regulatory issues and their vast experience of the healthcare industry when developing security policies, strategies and budgets. We regularly use their ethical hacking skills to test the effectiveness of our security program.  In summary, they have earned our trust and become an integral part of our security toolset.

Peter Merrill

Director of Information Systems, Dartmouth-Hitchcock Medical Center

Quote Icon

Meditology came to us recommended by our members and is well-respected in its service community.

As a health information exchange (HIE), we are a highly customer-focused organization – and we recognize this same orientation in a consulting partner. Meditology came to us recommended by our members and well-respected in its service community. They were readily able to evaluate our policy and security framework, and identify areas of key focus. We particularly appreciated their knowledge around HIPAA and our statewide HIE. With their help, we created an entire array of organizational policies. Meditology also conducted a security assessment that demonstrated we had appropriate safeguards in place for robust exchange. This has helped assure our member hospital/health systems, healthcare insurers, and ambulatory practices. Naturally, the effort has had an important influence on our service procedures. We look forward to continued work with Meditology for our consulting and ongoing risk-assessment needs.

Daniel Wilt

Senior Director of Information Technology and Chief Information Security Officer, HealthShare Exchange of Southeastern Pennsylvania