The Drummond Group


For more information, contact

The HIPAA Security Rule established the requirement for organizations to implement ongoing and proactive security of their information systems environment to ensure the confidentiality, integrity, and availability of systems containing electronic protected health information. But in the years since HIPAA was enacted, regulatory enforcement in the healthcare industry has changed significantly.

The introduction of ARRA and HITECH in 2009 created an avenue for IT security and privacy professionals to gain acceptance for the programs they have been so valiantly trying to lead. The HHS data breach “Wall of Shame” has cast the light of truth onto the woeful state of controls across the industry. The OCR Random HIPAA Audit program is providing further insight into the state of compliance, and most importantly, the disconnect between the expectations of the enforcement agencies and the industry’s performance.

With more agencies such as the FTC and state and local governments jumping on the bandwagon of enforcement, organizations are more than ever committed to improving their security and privacy programs. As Meaningful Use Stage 2 introduces more robust requirements related to data protection, specifically, encryption methods and related controls around ePHI, organizations are turning to firms such as The Drummond Group to support their efforts.

Finally, the Omnibus Rule of 2013 reinforced the HIPAA security, privacy, and enforcement rules and confirmed that, indeed, the rules extend to those that service the healthcare industry. This widened arc of compliance has taken the industry by storm with numerous vendors improving their products to service the market. We are able to assist organizations through not only the compliance, security and privacy regulations, but navigate the products available to solve many of an organization’s most complex challenges.

The Drummond Group applies the principles of its basic framework and our reference methodologies to assist organizations in accomplishing their goals toward information assurance.


The Drummond Group is a recognized leader in healthcare IT security, privacy, and compliance. Our healthcare services provide clients with a complete security, privacy, and compliance roadmap grounded in the guidance published by the OCR, the HITRUST CSF, and numerous other standards such as NIST and CMS. The Drummond Group’s services are designed to allow clients to leverage our domain expertise and proven methodology to help develop, execute, and manage their security, privacy, compliance, and risk management programs.

The Drummond Group is committed to the healthcare industry and our team brings critical experience to bear for our clients. We are leaders, nationally and locally, contributing thought leadership and practical tools for the industry.

Some of the services we can help your organization with:

  • Risk Analysis according to 495.6(d)(15)(ii) for Meaningful Use
  • Risk Assessments – to identify potential risks and vulnerabilities to the confidentiality, integrity, and availability of information, systems, or critical data such as ePHI
  • HITRUST Certification or Readiness (Certified Assessor Since February 2010)
  • OCR HIPAA Audit Preparation
  • Self-Assessment SaaS Portal
  • Policy & Procedure Assistance

Speak with an assessment advisor today!

Contact Us