HIPAA Gap Analysis

Learn about a HIPAA Gap Analysis

What is a Gap Analysis?

A HIPAA Gap Analysis is a focused review and analysis of a covered entity’s or business associate’s enterprise. In addition, it reviews the flow of protected health information (PHI), the information system hardware and software that use, disclose and store PHI, and the safeguards in place to protect the information. The HIPAA Gap Analysis is a great help in beginning your review, but it will not take the place of a HIPAA Risk Analysis.

Items Included in a Gap Analysis

The items reviewed in a HIPAA Gap Analysis include the administrative, physical and technical safeguards that are used to protect PHI. Administrative safeguards are reviewed first; these include policies, procedures, and related documents, as well as the appointment of a privacy and security official and training on the organization’s policies and procedures. Secondly, physical safeguards protect information systems and related equipment and facilities from hazards and intrusions. They also protect paper PHI that is maintained in the course of business within the organization. Finally, technical safeguards protect ePHI by applying mechanisms to protect the confidentiality, integrity and availability of the data. These safeguards control access to PHI and assure the information is true and accurate. The information must also be available to those authorized to use it to perform their job functions.

The Focus of a Gap Analysis

The analysis will determine whether the entity’s policies and procedures comply with the requirements of the HIPAA Privacy and Security Rules as amended by the HITECH Act (HIPAA Rules). In addition, it will identify the areas where an organization does not comply with the regulatory standards of the HIPAA Rules, affording it the opportunity to determine what it needs to do to come into compliance.

Security Assessment

An IT security consultant will review the security of the electronic systems to assure that it conforms to industry standards and to HIPAA Security Rule requirements and addressable standards.

How It Can Help You

Above all, the gap analysis will give HIPAA-covered entities and their business associates an overall view of their compliance efforts. Secondly, it will help them discover areas where they are not yet compliant with HIPAA Rules. Finally, it will identify any gaps in the controls. Most importantly, it will give the organization a bird’s-eye view of the HIPAA program’s health and its shortcomings. This will give the Privacy Officer the information needed to move forward with the program.


Cost of HIPAA Gap Analysis begins at $2,500


Contact Us

Most importantly, we will help your organization with a Gap Analysis to define the state of your HIPAA Privacy Plan. Finally, we can review your program and offer practical information on how best to focus your HIPAA efforts.