Meditology provides consulting services to assist healthcare organizations address pressing IT and Risk Management challenges.


The rapid rise in security breaches and regulatory compliance action has driven the healthcare industry to look for more formal mechanisms for validating information security controls across providers, payers, and Business Associates. Meditology provides security certification services including HITRUST Common Security Framework (CSF) and SOC 2 frameworks to help your organization demonstrate the effectiveness of your security program to internal and external entities alike.


Download our HITRUST Data SheetWe have a great deal of experience in the area of IT Risk Management, especially with respect to the HITRUST Common Security Framework (CSF), an information security framework that unites the requirements of existing federal and third party standards and regulations. With a wide array of security frameworks that exist in healthcare to keep information safe, the HITRUST CSF is an increasingly adopted framework that is utilized within the industry to contain the growing risk and liability associated with information security in healthcare.

We understand well how to position our recommended solutions in the context of our client’s operational needs and constraints. Meditology tailors each assessment to the unique compliance needs of each client and works to ensure industry best-practice standards and requirements are implemented and followed.

SOC 2 Type II*

SOC 2 compliance is quickly become a hot topic in today's world of technology and cloud computing, and as such, service organizations should take note of 5 important items regarding this specific Service Organization Control (SOC) reporting framework. Meditology Services can help your organization align itself with the Trust Services Principles of the Service Organization Control (SOC) framework.  SOC 2 and 3 reports provide you with information and assurance about the controls that affect the security, availability, and processing integrity of the systems your organization uses to process sensitive data and the confidentiality and privacy of the information processed by these systems.

Meditology can help you achieve SOC 2 and SOC 3 compliance by:

  • Providing formal certification of SOC2/SOC3 requirements
  • Assisting with the creation, design, and/or documentation of technical, physical,  or procedural controls within the organization’s environment
  • Identifying gaps within  the environment’s control descriptions and associated processes
  • performing tests of Trust Services controls in advance of formal SOC audits
  • Assisting with the remediation of control gaps by ensuring existing controls are designed optimally, documented appropriately, and operating effectively. 
  • Facilitating the exchange of control documentation and testing evidence during the execution of external SOC 2 and 3 audits

* Services provided by Meditology Assurance