HIPAA Compliance Audit & Risk Analysis

A complete top-to-bottom review of your practice's HIPAA compliance posture — technical, administrative, and physical — with a full written report and remediation roadmap.

$1,997
One-time · No recurring fees

What We Audit

We cover every area of the HIPAA Security Rule — nothing is skipped.

Technical Security Assessment

Full network vulnerability scan across all devices and systems
Review of firewall rules, remote access configurations, and VPN settings
Evaluation of multi-factor authentication (MFA) implementation
Endpoint protection and antivirus coverage review
Wi-Fi segmentation audit — patient data vs. guest vs. staff networks
Cloud storage and email security configuration review

HIPAA Administrative Review

Review of all existing HIPAA policies and procedures
Business Associate Agreement (BAA) inventory — are all vendors covered?
Staff training records and security awareness documentation
Access control review — who has access to what PHI and why
Audit log review — are you tracking who accesses patient data?
Workforce sanction policy and termination procedure review

Physical Safeguards Audit

Workstation placement and screen privacy assessment
Physical access controls to areas containing PHI
Device disposal and media destruction procedures
Mobile device policy and remote wipe capability review
Visitor access and badge/sign-in procedures

Risk Analysis (Required by HIPAA)

Formal risk analysis document — required by the HIPAA Security Rule
Identification of all systems, devices, and locations that touch PHI
Threat and vulnerability assessment for each identified risk
Likelihood and impact scoring for every identified risk
Risk prioritization matrix for remediation planning

What You Receive

Every audit includes these 8 deliverables — in writing.

1. Executive Summary Report: A plain-English overview of your current compliance posture — written for practice owners, not IT teams.
2. Technical Gap Report: Every identified vulnerability and missing control, categorized by severity: Critical, High, Medium, Low.
3. Formal HIPAA Risk Analysis: The documented risk analysis required by the HIPAA Security Rule — signed and dated for your records.
4. Remediation Roadmap: A prioritized action plan showing exactly what to fix, in what order, and what it will cost to close each gap.
5. Policy Gap List: A complete inventory of missing or outdated HIPAA policies with recommended templates.
6. BAA Inventory: A full list of your Business Associates and which ones are missing signed agreements.
7. Cyber Insurance Readiness Score: A score showing where you stand against common cyber insurance carrier requirements.
8. 60-Minute Debrief Call: Dallas walks you through every finding personally, answers your questions, and explains what comes next.

Schedule Your Compliance Audit

Fill out the form below and Dallas will reach out within 1 business day to schedule your audit.

No payment collected here. Dallas will contact you to confirm details before any charges.