HIPAA Attestation

An effective HIPAA compliance program is essential in protecting personal data, reducing risk, and meeting regulatory expectations.

HIPAA Security and Privacy Compliance

With provisions extending beyond medical facilities, the Health Insurance Portability and Accountability Act (HIPAA) requires any organization that processes personal health information (PHI) to demonstrate compliance with HIPAA security and privacy safeguards, as well as the related HITECH breach notification requirements.


The expansion of these requirements to providers’ business associates, including cloud service providers, together with a dynamic regulatory environment and growing concern about healthcare-related security breaches, creates significant risks throughout the healthcare sector and its business partners.


A HIPAA attestation, required for covered entities and their business associates, provides third-party assurance that your organization understands its regulatory obligations and has implemented policies and procedures to protect PHI from unauthorized access or disclosure.

How Sensiba Can Help

Our HIPAA attestation services, which adhere to AICPA standards of quality controls and independence, provide third-party assurance as well as customized reporting options including:

May 25

Readiness Assessments

We evaluate your policies and procedures to identify any gaps in meeting regulatory expectations. This is usually performed at a specific point in time on a non-assurance basis, often to provide a framework to prepare for a follow-on attestation engagement.

HIPAA Compliance Agreed Upon Procedures Engagements

This report, issued under AICPA attestation standards, enables us to express an opinion on an organization’s compliance with the requirements of the HIPAA security, privacy or breach notification Rules. These engagements can also be done on a non-attest basis.

SOC 2 Reports Adapted for HIPAA

SOC 2 reports assess a service organization’s internal controls related to data security, availability, processing integrity, confidentiality, and privacy. These reports provide assurance to customers, regulators, business partners and other stakeholders that the service organization’s policies and procedures are designed and operating effectively. A SOC 2 Security and Privacy report maps closely to HIPAA’s security and privacy rules, and can be supplemented with incremental criteria as needed for your organization.

Let's talk about your project.

Our Risk Assurance Services Group can help you evaluate your needs and determine the most effective option for your business and customers.