HIPAA & OCR Compliance Consulting
Meditology specializes in HIPAA Security & Privacy, HITRUST, NIST, and GDPR Risk Assessments & Remediation.
We serve as HIPAA expert witnesses for OCR and align our products to address expectations of regulators, including OCR and CMS. Our team has a proven track record of building security and privacy programs that reduce risk and address regulatory compliance mandates.
Meditology can assist you with OCR Audit Readiness. We have worked with clients under OCR investigation and are very knowledgeable about HIPAA compliance and the OCR audit process.
HIPAA & OCR Compliance Services
- Security & Privacy Risk Assessments
- GDPR & HIPAA Privacy Impact Assessments
- BA Inventory Compliance Management
- HIPAA Expert Witness Services
- Policy & Procedure Development
- Education, Training, & Awareness
What Sets Meditology Apart
HIPAA expert witness firm for OCR
Experienced CISOs and Privacy Officers
Dedicated to healthcare
Hundreds of Clients Coast to Coast
Advisors to ONC / HHS
Related Resources
Blog Post
Customer Success Stories
Meditology was nothing but professional from start to finish for the project with McLaren.
We outsource our IT services and they worked closely with us, and the vendor, to collect required documentation, they accepted input from both sides and explained their conclusions once findings were verified. The team's project time lines, status reports, and weekly follow up calls kept us all on track for a timely completion. Meditology addressed the significant risk areas in a straightforward manner without making respondents feel defensive, and they freely offered information about industry best practice. The team has definitely won the confidence of our Executive group and expect we will be asking Meditology for more work in the future.
Denise Dach
Corporate Director of Compliance, McLaren Health Care
It was vitally important that I had a complete sense of confidence in Meditology’s ability to successfully deliver this project without impacting clinical care.
As I learned more about Meditology’s deep technical skills and multiple prior experiences working in healthcare environments similar in size and complexity to Grady, my sense of confidence in Meditology grew. The project was delivered on-time and on-budget, and exceeded my expectations based on the thoroughness and care of the approach, and the quality of the reporting. Meditology was able to achieve each of the engagement objectives, and their report provided a comprehensive picture of Grady’s security posture. I plan to work with Meditology in the future and look forward to similar success.
Michael Francis
Executive Director, Infrastructure Services & ISSO, Grady Health System, Georgia
Dartmouth-Hitchcock has partnered with Meditology Services since 2012.
Over that period of time, they have helped with multiple projects, both large and small, repeatedly delivering as promised. We have come to trust their insights regarding regulatory issues and their vast experience of the healthcare industry when developing security policies, strategies and budgets. We regularly use their ethical hacking skills to test the effectiveness of our security program. In summary, they have earned our trust and become an integral part of our security toolset.
Peter Merrill
Director of Information Systems, Dartmouth-Hitchcock Medical Center
We engaged Meditology to assist us with Security Risk Assessment services on two different occasions.
They were highly knowledgeable and extremely professional throughout the duration of each project, and the quality of the final deliverables they provided was exceptional. Meditology’s healthcare focus and core competency of Information Security and Privacy were indispensable to the engagement. Their deep knowledge of the HIPAA and HITECH regulations, as well as the Common Security Framework and supplemented by industry operational experience of their team members, added huge value to the assessment. Meditology was able to address significant risk areas in a straightforward manner and was able to provide practical examples and insight on how to go about correcting issues. We will definitely call upon Meditology again when the need arises.
Martin Littmann
Chief Technology Officer & CISO, Kelsey-Seybold Clinic
Meditology is knowledgeable.
It’s helpful to have a conversation with someone who has worked in the field and understands the challenges we have. We have open lines of communication in our weekly HIPAA Privacy Risk Assessment meetings. They are very personable, very easy to work with, and they have teams of people who have done this before; Meditology has dedication to having a team of SMEs who understand.
Assistant Privacy Officer
Large Health System
Particularly valued working with Meditology because of the expertise that has been brought to the questions we have.
We are a different beast as a university. Most vendors put us in cookie cutter mold, but you took time to understand how we were different and couched the assessment. That was valuable – making the product fit our work environment.
Director of HIPAA Compliance
Public Research University in New York
A significant value already imparted is Meditology’s knowledge and experience in Information Security and Privacy Policy Development.
They took what we had, it was a lift, but they organized it first-off according to what standard P&P should be, the format, and what best practices are, and into a roadmap that follows industry best practices. I wasn’t telling them what it should be – they had it. As we have been going through and asking questions and for opinion, it’s been provided and immediately imparted based on their experience, calling it like it is with experience and knowledge.
Executive Operating Officer
Large Health Information Exchange in the South
Start With Where You Are
A maturity assessment takes the guesswork out of where to begin. Let's understand your current state — then build from there.