TMCnet News

Schellman Introduces HIPAA Express: A Risk-Based Assessment Designed Specifically for Healthcare Providers
[September 21, 2022]

Schellman, a leading provider of attestation and compliance services, is pleased to announce the introduction of HIPAA Express, a new service offering aimed at reducing the risk of data breaches and ransomware attacks for large healthcare systems and regional healthcare providers.

Having conducted fully detailed HIPAA examinations for business associates over the last 15 years, Schellman has a proven methodology for making that process as efficient and effective as possible. But due to the heightened interest among providers that need that same level of expertise but with a more focused approach at a more modest investment level, Schellman now offers this new right-sized service.

Through this third-party assessment, Schellman can help these organizations protect the considerable amount of sensitive data they maintain, identify evidence of due diligence to comply with HIPAA, and set them up for success in the event of an OCR audit, with the potential to even reduce fines resulting from an OCR breach investigation.

"Healthcare organizations are increasingly being targeted by attackers due to the value of the data in an individual's health record. The impact of a breach of PHI can be devastating. You might get hit with large fines and you have to deal with the loss of customer confidence," said Doug Kanney, Schellman Principal and practice leader of the firm's HITRUST and HIPAA service lines. "But going through an external assessment focused on compliance with HIPAA is a fantastic way to show due diligence to the OCR and internally helps reduce risk. Plus, you still have coverage over the HIPAA requirements, but at a level that doesn't make this assessment cost prohibitive."

With over 90% of OCR enforcement actions calling out an insufficient HIPAA Risk Analysis / Risk Management program, Schellman made this area a focal point of the HIPAA Express assessment. Now that the service is live, the firm is eager to get started with easing anxiety for healthcare providers and systems.

"We are excited to add HIPAA Express to our robust compliance portfolio," said Avani Desai, Schellman CEO. "This new service offering will assist our clients in meeting the challenge of today's increased regulations and risk management needed to comply with HIPAA and an OCR audit."

Schellman's new offering includes a workshop and meetings with various levels of an organization, as well as a report that details the summary letter, scope of the environment, details around the essential elements of the HIPAA Security Risk Analysis and Risk Management processes, a table showing the compliance status of requirements, and a detailed description of any findings from the assessment. The entire HIPAA Express process typically takes one to two weeks, depending on the size of the organization, and costs $15,000 - $30,000 on average.

For more information about HIPAA Express, please visit

About Schellman:

Schellman is a leading global provider of attestation, compliance, and certification services. Operating as an alternative practice structure as Schellman & Company, LLC, a top 100 CPA firm, and Schellman Compliance, LLC, a globally accredited compliance assessment firm, we can offer clients services as a CPA firm, an ISO Certification Body, a PCI Qualified Security Assessor Company, a HITRUST assessor, a FedRAMP 3PAO, and as one of the first CMMC Authorized C3PAOs.

Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Schellman's approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives using a single third-party assessor. For more information, please visit
