
HIPAA Compliance

Structured assessments that help you meet regulatory expectations, document risk, and strengthen trust.


HIPAA compliance reinforces trust, reduces the risk of fines from the Office for Civil Rights (OCR), and helps ensure the security of sensitive health data. AAFCPAs supports organizations that handle protected health information (PHI) through structured, regulator-aligned assessments tailored to your environment. Whether assessing your current posture or preparing for attestation, we deliver the clarity, documentation, and insight needed to demonstrate accountability and meet expectations with confidence.

HIPAA Compliance Assessments

We offer three levels of HIPAA compliance assessments, scaled to your risk environment and regulatory obligations:

  1. Top 10 HIPAA. A focused assessment of the top 10 enforcement actions identified by the OCR.
  2. Risk-Based Assessment Using the HHS SRA Tool. A full risk analysis using the current version of the U.S. Department of Health and Human Services’ Security Risk Assessment (SRA) Tool.
  3. Full Protocol-Based Evaluation. A comprehensive assessment based on the HHS HIPAA Audit Protocol, updated July 2018.

Each engagement results in a structured gap analysis and clear remediation guidance. Optional testing of control effectiveness is available for organizations seeking deeper validation or preparing for future attestation.

Why Organizations Choose AAFCPAs

AAFCPAs supports clients at every stage of HIPAA compliance, from those building an initial program to those refining mature frameworks. You benefit from:

  • A dedicated attestation team with deep HIPAA experience
  • Structured guidance through assessment, documentation, and remediation
  • Optional attestation services delivered in conformity with AICPA attestation standards
  • Practical, plain-language reporting designed to support decision-making
  • Expertise from a certified ethical hacker and cybersecurity team focused on threat detection and risk mitigation
  • Integration with related frameworks where applicable, including HITRUST, ISO 27001, and NIST

Connect with Us

Let’s talk about how we can support your HIPAA compliance goals.

James Jumes

MBA, M.Ed. | Partner, Governance, Risk & Compliance

Paula Chamoun

CISA, CISSP, CISM | Director, Governance, Risk & Compliance
