If your HealthTech product touches protected health information, HIPAA is not optional — it is US law. We run the risk analysis, build the safeguards, and get your BAAs in order.
More context on this sector on our HealthTech industry page, and on the framework itself on our HIPAA hub.
Tailored to HealthTech, delivered by a Toronto security and compliance team led by a published CVE researcher, with our partner Lorikeet Security where offensive testing is involved.
See the full HIPAA service page, or productized pricing for fixed-scope engagements.
No official HIPAA certification exists. Compliance is demonstrated through your risk analysis, safeguards, policies, and BAAs. We produce that evidence package.
If you provide services to a covered entity and handle PHI, you are typically a business associate. We help you classify your role and obligations correctly.
A documented assessment of risks to PHI across administrative, physical, and technical safeguards, with remediation. It is the foundation the Security Rule requires.
Book a free 30-minute discovery call. We will tell you whether this engagement fits, what it would cost, and when we could start.