The Health Insurance Portability and Accountability Act (HIPAA) requires any business that handles electronic patient health information (ePHI) to take reasonable steps to ensure this information remains secure.

HIPAA Covered Entities know they need to become and remain compliant but are often overwhelmed by the dense legalese in the rule and wonder whether the costs of becoming compliant will be prohibitive. Legislation such as the Health Information Technology for Economic and Clinical Health Act (HITECH) strengthens the HIPAA Security and Privacy rules, requires “Business Associates” to fully comply with both rules just like “Covered Entities”; defines “secured” and “unsecured” PHI; and requires that notifications be sent to individuals if their PHI is compromised in a data breach. The principal goal of the gap analysis is to evaluate the current state of information security practices against the requirements of HIPAA and HITECH. This is a regulatory requirement, but a lack of internal resources and expertise often stops organizations from conducting a formal gap analysis, and this can leave them open to costly breaches and potentially significant fines.


ISGRM performs a gap analysis that maps the HIPAA Security Rule’s safeguards to your organization's specific environment to identify gaps that exist in the security program. An integral post-survey consultation helps determine a priority list for the recommended remedial actions. This compliance activity aligns your organization’s policies, processes and procedures with the safeguards, and the accompanying documentation demonstrates how the organization was evaluated and provides a prioritized roadmap for remediation.


  • Assesses whether or not the organization is safeguarding protected health information based on the requirements outlined in HIPAA
  • Provides documentation with the information required so that you can demonstrate due diligence in the event of an audit by Health and Human Services (HHS)
  • Aligns the organization with breach notification requirements outlined in HITECH

For further information on our HIPAA Gap Analysis service, please contact one of our Sales representatives by calling (954) 800-0397 or by completing our Online Inquiry Form.