Case Study 2
An OCR investigation of a PHI data breach meant a hospital and health system needed to respond quickly and fully to all agency requests.
See how we helped them respond
Case Study 3
This healthcare business associate needed to demonstrate compliance efforts to their hospital and healthcare system clients.
See how we helped them demonstrate compliance

Apgar & Associates' consulting expertise supports clients in privacy, information security, HIPAA, HITECH and regulatory compliance, and prepares organizations for HITRUST, SOC 2 and ISO certification.

We are sad to share the news of Founder Chris Apgar’s untimely passing on December 11, 2021. Julia Huddleston, his wife and business partner, continues as principal to honor his legacy.
You can learn more here.



Do your clients want you to be HITRUST, SOC 2 or ISO certified? Our certification prep gets you through the What + How of evidence collection and explicit requirements for each. Financial, healthcare provider, or technology business partner—you’ll be poised for certification success.



How solid is your security incident response plan? Is your incident response team trained? With our help, you’ll know who needs to do what, when, for every security incident. You’ll also comply with the ISO 27001 and HIPAA Security Rule requirements for incident response.



Policies & Procedures make you look good when tight and right.
Feel confident in your documentation? Able to point to how an employee can uphold your company’s privacy and security program? Talk to us about how to ensure your documentation is up to date and supports compliance.

Think of the Security Risk Analysis as your internal due diligence.


Security Risk Analysis

How strong is your information security program?

No matter what industry – healthcare, financial or technology – a regularly scheduled, top-to-bottom security risk analysis is essential to a healthy information security program. Streamline ISO and HIPAA compliance efforts, plus know where and how to close security gaps.

Think of it as due diligence. Even mitigated security risks can become vulnerabilities again. Technology evolves constantly. Employees come and go. Devices get lost or stolen.

It’s show and tell time. Let your customers and partners know that you take data security and regulatory compliance seriously.

Schedule your security risk analysis today.

Compliance Planning

How well does your compliance program measure up?

OCR recommends 5 features in every compliance program. We’ll help you put all of the right components and an action plan into play. Tackle risk mitigation + risk management? Training materials + delivery? Plans + audits? You’ll be set. Need a privacy and security compliance officer?

Yes, we can help you there, too.

Let’s draw the road map that helps you drive compliance.


CALL US NOW to see how we can help you get through a data breach, audit, and more: (503) 384-2538