The Vendor is required to provide Professional Services from a qualified consultant to conduct a comprehensive audit of HIPAA-related risks within the organization’s system, processes, and data handling practices, and to provide expert guidance on the development, review, and implementation of Agreements.
- HIPAA Risk Assessment
• Perform a full assessment of administrative, physical, and technical safeguards.
• Review policies, procedures, and workflows affecting Patient Medical Records, Protected Health Information (PHI), and Protected Personal Information (PPI).
• Evaluate current data handling, storage, transmission, and disposal practices.
• Identify gaps in compliance against HIPAA Security and Privacy Rules.
• Provide a prioritized risk register with severity ratings.
• Recommend corrective actions and mitigation strategies.
• Assess Training Certification program to ensure training aligns with the specific responsibilities of civilian personnel, including interactions with patients, verification of identity, appropriate use and disclosure of Protected Health Information (PHI), access controls, confidentiality requirements, and breach reporting protocols.
• Evaluate information technology systems and controls related to PHI/ePHI, including access controls, authentication, remote access, mobile devices, encryption, logging, backups, integrations, cloud services, file transfers, reporting tools, and vendor-managed systems.
• Identify systems, applications, repositories, devices, vendors, and data flows where PHI/ePHI is created, received, maintained, transmitted, stored, accessed, or disposed of.
• Review whether technical safeguards are reasonably designed to protect the confidentiality, integrity, and availability of PHI/ePHI, including user access, privileged access, audit logs, secure transmission, endpoint security, vulnerability management, incident response, and data recovery practices.
• Identify IT-related compliance gaps, operational risks, and recommended corrective actions.
- Business Associate Agreement (BAA) Guidance
• Review existing BAAs for compliance, sufficiency, and alignment with HIPAA requirements.
• Provide templates or language recommendations for new BAAs.
• Provide guidance on risk allocation, indemnification, breach response requirements, and subcontractor handling.
• Support the development of an internal BAA governance process.
• Deliver a checklist for ongoing BAA validation and monitoring.