Case Study 2
An OCR investigation of a PHI data breach meant a hospital and health system needed to respond quickly and fully to all agency requests.
See how we helped them respond
Case Study 3
This healthcare business associate needed to demonstrate compliance efforts to their hospital and healthcare system clients.
See how we helped them demonstrate compliance
Previous slide
Next slide

Apgar & Associates' consulting expertise supports clients in privacy, infosec, HIPAA, HITECH and regulatory compliance, plus preps for HITRUST, SOC2 and ISO Certification.



Do your clients want you to be HITRUST, SOC2 or ISO certified? Our certification prep gets you through the What + How of evidence collection and explicit requirements for each. Financial, healthcare provider, or technology business partner—you’ll be poised for certification success. 

security incident response icon


How solid is your security incident response plan? Is your incident response team trained? With our help, you’ll know who needs to do what, when, for every security incident. You’ll also comply with the ISO 27001 and the HIPAA Security Rule requirement for incident response. Let’s review your SIR plan and status before there’s an incident.



Policies & Procedures make you look good when tight and right.
Feel confident in your documentation? Able to point to how an employee can uphold your company’s privacy and infosec program? Talk to us about how to assure your documentation is up to date and supports compliance. It’s the underpinning of your infosec and privacy programs.

Think of the Security Risk Analysis as your internal due diligence.


Security Risk Analysis

How strong is your infosec program?

No matter what industry – healthcare, financial or technology – a regularly scheduled, top-to-bottom security risk analysis (aka SRA) is essential to a healthy infosec program. Streamline ISO and HIPAA compliance efforts, plus know where and how to close security gaps.

Think of an SRA as due diligence. Even mitigated security risks can become vulnerabilities again. Technology evolves constantly. Employees come and go. Devices get lost or stolen.

It’s show and tell time. Let your customers and partners know that you take data security and regulatory compliance seriously.

Schedule your security risk analysis today.

Compliance Planning

How well does your compliance program measure up?

OCR recommends 5 features in every compliance program. We’ll help you put all of the right components, resources, and a solid action plan into play. Tackle risk mitigation + risk management? Training materials + delivery direction? Plans + audits? You’ll be set.

Need a privacy and security compliance officer? Yes, we can help you there, too.

Let’s draw the road map that helps you drive compliance.


CALL US NOW to see how we can help you get through a data breach, audit, and more: (503) 384-2538