HIPAA Attestation

An effective HIPAA compliance program is essential in protecting personal data, reducing risk, and meeting regulatory expectations.

HIPAA Security and Privacy Compliance

With provisions extending beyond medical facilities, the Health Insurance Portability and Accountability Act (HIPAA) requires any organization that processes personal health information (PHI) to demonstrate compliance with HIPAA security and privacy safeguards, as well as the related HITECH breach notification requirements.


The expansion of these requirements to providers’ business associates, including cloud service providers, a dynamic regulatory environment, and growing concern about healthcare-related security breaches create significant risks throughout the healthcare sector and its business partners.


A HIPAA attestation, required for covered entities and their business associates, provides third-party assurance that your organization understands its regulatory obligations and has implemented policies and procedures to protect PHI from unauthorized access or disclosure.

How Sensiba Can Help

Our HIPAA attestation services, which adhere to AICPA quality control and independence standards, provide third-party assurance as well as customized reporting options, including:

Readiness Assessments

We evaluate your policies and procedures to identify any gaps in meeting regulatory expectations. This is usually performed at a specific point in time on a non-assurance basis, often to provide a framework to prepare for a follow-on attestation engagement.

HIPAA Compliance Agreed-Upon Procedures Engagements

This report, issued under AICPA attestation standards, enables us to express an opinion on an organization’s compliance with the requirements of the HIPAA Security, Privacy, or Breach Notification Rules. These engagements can also be done on a non-attest basis.

SOC 2 Reports Adapted for HIPAA

SOC 2 reports assess a service organization’s internal controls related to data security, availability, processing integrity, confidentiality, and privacy. These reports provide assurance to customers, regulators, business partners, and other stakeholders that the service organization’s policies and procedures are suitably designed and operating effectively. A SOC 2 Security and Privacy report maps closely to HIPAA’s Security and Privacy Rules and can be supplemented with incremental criteria as needed for your organization.

Let's talk about your project.

Our Risk Assurance Services Group can help you evaluate your needs and determine the most effective option for your business and customers.