Skip to content

Compliance

HIPAA

Health Insurance Portability and Accountability Act

What we assess

What your HIPAA test covers

We test the systems that actually touch ePHI and map every finding to the HIPAA Security Rule, giving your compliance officer evidence, not a generic scan.

Access & Authentication

Technical safeguards controlling who can reach electronic PHI and how.

We test for

  • Unique user identification
  • Authentication and MFA
  • Access authorization and least privilege
  • Automatic logoff

Transmission & Encryption

How ePHI is protected as it moves across and rests within your systems.

We test for

  • Encryption in transit and at rest
  • Secure transmission controls
  • Integrity verification
  • Key management

Audit & Integrity Controls

Whether activity on systems holding ePHI is logged and data is protected from tampering.

We test for

  • Audit logging and review
  • Integrity controls
  • Monitoring and alerting
  • Tamper detection

Systems Handling ePHI

The applications and infrastructure that store, process, or transmit ePHI.

We test for

  • ePHI system inventory
  • Application and infrastructure testing
  • Vulnerability and patch status
  • Business associate systems

How it works

How your engagement runs

From scope through the final retest, your team stays in the loop at every step, with findings tracked live in our platform.

  1. 01

    Scope ePHI

    We identify the systems that store, process, or transmit electronic PHI.

  2. 02

    Test safeguards

    We test access, transmission, and audit controls against the Security Rule.

  3. 03

    Mapped report

    Findings mapped to the Security Rule as evidence for your compliance team.

  4. 04

    Fix & retest

    Fix the findings, then a free retest that strengthens your risk analysis.

FAQ

Frequently asked questions

What teams most often ask before HIPAA testing.

Still have questions?
01Does HIPAA require a penetration test?

The Security Rule requires a risk analysis and technical safeguards for ePHI but does not prescribe a testing method. A penetration test is a widely accepted way to evidence those safeguards and strengthen your required risk analysis.

02What systems do you test?

The systems that store, process, or transmit electronic PHI, including in-scope applications, infrastructure, and business associate environments where applicable. We confirm scope with you before testing.

03Will this support our risk analysis?

Yes. We map findings to the Security Rule's technical safeguards and provide documentation your compliance officer can use to support the required risk analysis.

Ready to test your defenses?

Talk to our team about what your HIPAA compliance requires.

Get a Fixed-Scope Quote

Tell us what you need tested. We reply within one business day.