
Privacy & Security Compliance

Privacy and Security are equal across industries and their data needs. Apgar & Associates provides expert HIPAA privacy and information security, HITECH and regulatory compliance consulting services to health plans, physician groups, clinics and hospitals and the vendors (business associates) that support them.  Our services include privacy risk assessments, security risk analyses and incident response plan development and testing, among others.

Yet while our roots are in healthcare, we work across sectors. On the security side, for instance, we conduct the security risk analyses that are the building block to achieving ISO and SOC II certifications. Our framework works across all certification standards and meets any applicable regulations, helping ready you for certification.

Our privacy and information security clients are nationwide. From Oregon Medical Association (OMA) in our own backyard, to an Arizona global healthcare technology company, a top-ranking hospital in Alabama’s fast-growing medical hub, to a cash payment solutions company in Silicon Valley, we understand that HIPAA is only the beginning of the journey. Tight data security and regulatory compliance are top of mind no matter what your industry.

Apgar & Associates particularly notes two key privacy and security program hot buttons we take care of for our clients:

Risk Assessments

It’s the cornerstone of your ability to comply with privacy, security and data breach notification regulations under ISO and HIPAA. If you don’t know where your risk is, you can’t fix it. After the risk assessment, we turn the findings into an implementable Risk Management Plan, which we also guide you through.

Incident Response Plans & Testing

Who do you call when you have a data breach and sensitive information is suddenly not-so-private? We design, test and implement your organization’s Incident Response Plan so that the next step is immediate and automatic, whether it’s loss of a mobile device or a ransomware hack.

For over a decade, Apgar & Associates privacy & security compliance consulting has supported healthcare providers, digital health companies and financial firms here in Oregon and nationwide. We stay on top of the latest and greatest regulatory and certification nuances, track the laser focus of the OCR, CMS, ONC, OIG, FCC, FTC, FFIEC and FDA, and build useful tools and programs for busy Compliance Officers, COOs and Practice Managers.

Apgar & Associates creates practical HIPAA privacy and security compliance consultative solutions. The laws are complex enough; our job is to help executives, practice managers, physicians, privacy and security officers, and business associates meet and maintain compliance with HIPAA, HITECH and associated requirements with minimum hassle.

Contact Apgar & Associates for Privacy & Security Compliance services that include:

  • Risk Assessments & Security Risk Analyses
  • ISO 27001, HITRUST, SOC II Certification preparation
  • Incident Response Plans & Testing
  • Business Continuity Plans & Testing
  • OCR HIPAA Audit Preparation

Additionally, Chris Apgar, CISSP, CEO, is a frequent, popular educator and panelist for OMA, HCCA and other industry-leading organizations. Chris is also available as an expert witness and columnist. For all of your privacy and information security compliance consulting needs, call the privacy and security experts at Apgar & Associates: 503-384-2538.


Mailing & Office Address

Apgar and Associates, LLC
P.O. Box 80278
Portland, OR 97280
p 503-384-2538
p 877-376-1981




7100 SW Hampton St.
Suite 137
Tigard, OR 97223



"Chris has been a consistent and visionary leader of the WEDi Regional Affiliates group as it brings together healthcare leaders from across the US to discuss common challenges and highlight solutions that can be adopted in a consensus approach to meeting compliance and efficiency challenges."

Holt Anderson