Meditology Assurance SOC 2 reports demonstrate your compliance with the AICPA’s Trust Service Criteria for security, availability, processing integrity, confidentiality, and privacy.

Meditology’s SOC 2 readiness assessment and SOC 2 examination process can help your organization achieve compliance by:

  • Providing guidance on the AICPA SOC 2 requirements prior to the SOC 2 examination.
  • Reviewing the policies and procedures relevant to SOC 2 examinations.
  • Identifying gaps within your organization’s control environment by assessing the design and operating effectiveness of technical, physical, and procedural controls.
  • Assisting with the remediation of control gaps by ensuring existing controls are designed optimally, documented appropriately, and operating effectively.
  • Facilitating the exchange of control documentation and testing evidence during the execution of the SOC 2 examination.

SOC 2 Type 2 audit reports have become one of the most common and cost-effective vehicles for demonstrating controls relevant to security, availability, confidentiality, processing integrity and privacy to your customers and partners. Certifications and attestations like SOC 2 are fast becoming table stakes to provide products and services to healthcare entities.


Meditology Services is a certified HITRUST assessor and an experienced assessor for SOC 2 examinations. Our healthcare security experts frequently advise healthcare executives on best practices for pursuing HITRUST certifications as well as going through SOC 2 examinations.

Many organizations opt to obtain both HITRUST CSF Certification and SOC 2 reports simultaneously. Obtaining both certifications as part of one security initiative provides a cost-effective means of demonstrating effective security and privacy practices.

HITRUST demonstrates compliance with regulatory requirements that apply to healthcare organizations and provides a high-level of assurance to healthcare organizations.

While SOC 2 reports can be obtained by a wide range of industries, many of the security controls demonstrate compliance with HIPAA, which is an additional bonus for healthcare organizations and the businesses serving them.

SOC 2 Examinations


  • HIPAA expert witness firm for OCR
  • Experienced CISOs and Privacy Officers
  • Dedicated to healthcare
  • Hundreds of clients coast to coast
  • Advisors to ONC / HHS
Quote Icon

I’m very satisfied with my Meditology Team on our HSOC 2 engagement; 5 out of 5-star rating.

The Team is very knowledgeable. Very professional team touching questions that are not easy and require knowledge like cloud-based environments and regulatory matters. They have much more knowledge than I and are very helpful. Questions are answered and we are not asked to just provide whatever for them to score. Communication is great; clear and constant reminders about the project schedule and deadlines.

Infosec Engineer

IT Technology Service Company

Quote Icon

We are a small, women-owned business and going to SOC2 Certification was a big step for us.

A lot of the companies Meditology works with are larger than us but our Meditology team was very accommodating and made the process work for us versus being Draconian. And they took the time to learn our business and improve our security posture. We are continuing to work with Meditology on HITRUST next and that’s why.


Healthcare Data Services Organization

Quote Icon

Very satisfied with everything about our SOC2 Type II engagement with Meditology.

I thought it was very well organized and throughout the entire time the communication was really excellent. Everyone does a great job being detail-oriented and communicating very clearly. It has been a great experience.


Healthcare Data Services Organization

Quote Icon

Our SOC 2 Type II Attestation engagement has been organized and easy for us to send and share information.

When we’ve had questions, the Meditology team has been very helpful in clarifying things and flexible in how we provide information.

Project Manager

Technology Solutions Provider

Quote Icon

Meditology gave us exactly what we need to do to mature in this space.

The Medical Device Information Security Consulting Services gave us an assessment of our current state, brought us to an actionable roadmap, and then the full-on implantation plans – Meditology gave us exactly what we need to do to mature in this space. It’s very valuable.

Manger, InfoSec Risk

Community Health System in Atlanta