Meditology Services provides security and privacy risk assessment services designed for healthcare organizations. The service conducts security risk assessments using either the HITRUST CSF or the NIST Cybersecurity Framework (NIST CSF). Privacy risk assessments are performed using the HIPAA Privacy Rule, OCR Audit Protocol, HITRUST privacy controls, NIST 800-53 privacy controls, and applicable state laws. The service supports compliance requirements for regulatory bodies including HIPAA and OCR, and provides assessments for executives, boards, security managers, and implementation staff. Meditology can assist with EHR system certification for organizations participating in Meaningful Use and MACRA programs. The company serves as OCR's HIPAA expert witness firm and has experience with OCR's HIPAA security rule risk assessment, investigation, and enforcement processes. The team includes professionals with certifications such as CISSP, CEH, CISA, HCISPP, CIPP, OSCP, PCIP, CPHIMS, CPISM, GSEC, CCNA, and HITRUST. Team members have operational experience as Chief Information Security Officers, Chief Privacy Officers, and IT Directors in healthcare organizations. The service provides benchmark comparisons to other healthcare organizations of similar size and complexity.