Our Services

You need full visibility into your highest risks, as well as actionable and practical plans for achieving compliance. We can help. We help organizations in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (“ePHI”).

Our HIPAA Security Rule Risk Analysis is designed to meet the requirements of 45 CFR § 164.308(a)(1)(ii)(A). Upon completion of the analysis, an organization will have a roadmap which it can use to efficiently and effectively allocate its resources in mitigating its risk exposure.

Our Assessment process includes


Software & hardware (“Assets”) used to create, store, and transmit ePHI


Security Rule policies & procedures to HIPAA’s Administrative, Physical, and Technical safeguards and complete a data flow map of where ePHI is generated, transmitted, and stored


Natural, human and environmental threats to ePHI being held


Technical & non-technical vulnerabilities that a threat may take advantage of to gain access to ePHI


HIPAA Security Officer and select team members to assess how the organization’s Security Rule policies and procedures are operationalized


Walk-through of the organization’s physical office to access physical security


Findings of the assessment, a risk score for each Asset, and recommended remediation steps an organization could take to mitigate its risk exposure

Our Team

J. Ira Bedenbaugh

Managing Director

Christopher Duram

Senior Manager Penetration Tester

Carla Cullen


Case Studies

Additional Resources


HIPAA Changes for Telehealth and COVID-19

Mar 18th, 2020

As the Healthcare Industry deals with the emerging COVID-19 emergency, an effective way for providers to see patients who may have COVID-19, or to assess…
Read More


Coronavirus Aid, Relief, and Economic…

Mar 30th, 2020

This document has been updated based upon additional guidance issued by the Center for Medicare and Medicaid Services (CMS) on March 29 and 30, 2020.…
Read More

Case Study

Healthcare Organization and Cybersecurity

May 17th, 2021

Executive Management asked Elliott Davis to help answer: “Is my electronic protected health information (ePHI) safe from cybercriminals and others that steal healthcare data?” Context…
Read More

Contact Our Team

  • By using the contact forms on our website, no professional relationship is established until you speak directly with an Elliott Davis professional to confirm such relationship. By submitting a message through our website forms, you agree that you have read and agree to the full terms and conditions of our website.