HIPAA & OCR COMPLIANCE

They were unfailingly professional throughout the information gathering and data gathering processes, kept to their timeline and verified the results that they found. The reports produced were accurate and easy to understand, with appropriate benchmarking to other health care organizations and the security industry as a whole. Most importantly, they provided concrete and achievable suggestions to help mitigate the risks identified.

We outsource our IT services and they worked closely with us, and the vendor, to collect required documentation, they accepted input from both sides and explained their conclusions once findings were verified. The team's project time lines, status reports, and weekly follow up calls kept us all on track for a timely completion. Meditology addressed the significant risk areas in a straightforward manner without making respondents feel defensive, and they freely offered information about industry best practice. The team has definitely won the confidence of our Executive group and expect we will be asking Meditology for more work in the future.

As I learned more about Meditology’s deep technical skills and multiple prior experiences working in healthcare environments similar in size and complexity to Grady, my sense of confidence in Meditology grew. The project was delivered on-time and on-budget, and exceeded my expectations based on the thoroughness and care of the approach, and the quality of the reporting. Meditology was able to achieve each of the engagement objectives, and their report provided a comprehensive picture of Grady’s security posture. I plan to work with Meditology in the future and look forward to similar success.

Over that period of time, they have helped with multiple projects, both large and small, repeatedly delivering as promised. We have come to trust their insights regarding regulatory issues and their vast experience of the healthcare industry when developing security policies, strategies and budgets. We regularly use their ethical hacking skills to test the effectiveness of our security program.  In summary, they have earned our trust and become an integral part of our security toolset.

They were highly knowledgeable and extremely professional throughout the duration of each project, and the quality of the final deliverables they provided was exceptional. Meditology’s healthcare focus and core competency of Information Security and Privacy were indispensable to the engagement. Their deep knowledge of the HIPAA and HITECH regulations, as well as the Common Security Framework and supplemented by industry operational experience of their team members, added huge value to the assessment. Meditology was able to address significant risk areas in a straightforward manner and was able to provide practical examples and insight on how to go about correcting issues. We will definitely call upon Meditology again when the need arises.