Be prepared and stay protected.

Risk Analysis

A HIPAA Risk Analysis is a core objective to qualify for the Meaningful Use stimulus and is the first and foundational step in achieving HIPAA compliance.

Under HIPAA and Meaningful Use guidelines, a comprehensive risk analysis is required at least once a year for each and every Covered Entity and Business Associate. With the increased likelihood of being audited for HIPAA compliance and MU incentives, coupled with the sizable penalties involved, healthcare organizations must be diligent about following the proper protocols during their annual Risk Analysis.

What We Do
At Solve Healthcare, we conduct a HIPAA Risk Analysis with our clients every 6 months.  With the advent and use of technology at healthcare organizations, IT processes and the workflows that surround these functions changing frequently, we stay on top of evolving compliance regulations. Our compliance professionals measure and monitor actual practices to determine if policies are actively followed and to identify compliance risks, vulnerabilities, and potential PHI exposure.

Interwoven Approach

Technology and compliance in healthcare go hand-in-hand and our approach does too. Solve’s services differ because our compliance and technology professionals collaborate to examine, develop, validate and deliver security recommendations to our clients.

Technical Safeguards
Technical Safeguards
  • Asset Identification
  • Visualizing Vulnerability
  • Inventory Management
Physical Safeguards
Physical Safeguards
  • Environment Security
  • Access Controls
  • Monitoring
Administrative Safeguards
Administrative Safeguards
  • Policies
  • Roles & Responsibilities
  • Processes and Response


We don’t just provide you with a list of recommendations, Solve can augment or take ownership of remediation. Our talented and cohesive teams deliver definitive results with finesse because we practice what we preach.

  • HIPAA Privacy
  • HIPAA Security
  • Breach Notification
  • Business Associates
  • Audits and Validation
  • Administration
  • Periodic Assessment
  • Breach Notification


Here are some recent and notable privacy/security violations that illustrate the financial and criminal liability associated with HIPAA breaches for Covered Entities and their Business Associates.

December 2021
Advanced Spine & Pain Management, a provider of chronic pain-related medical services in Cincinnati and Springboro, OH, failed to provide a patient with timely access to the requested medical records. The HIPAA Right of Access violation was settled with OCR for $32,150.

March 2021
Ridgewood, NJ-based Village Plastic Surgery failed to provide a patient with timely access to the requested medical records. The HIPAA Right of Access violation was settled with OCR for $30,000.

January 2021
In 2015, Excellus Health Plan reported a breach of the ePHI of 9,358,891 individuals. OCR investigated and uncovered multiple potential violations of the HIPAA Rules: A risk analysis failure, risk management failure, lack of information system activity reviews, and insufficient technical policies to prevent unauthorized ePHI access. The case was settled for $5,100,000.

November 2021
OCR received a complaint from a patient of California-based Riverside Psychiatric Medical Group in March 2019 alleging he had not been provided with a copy of his medical records. OCR intervened but received a second complaint a month later when the records had still not been provided. OCR determined this breached the HIPAA Right of Access provision of the HIPAA Privacy Rule. The case was settled for $25,000.

Contact Sales

Click the button below or call us toll-free at (949) 891-0300 to speak to a live person.