NDB offers fixed-fee SOC 2 HIPAA audit reports & assessments consisting of SOC 2 Type 1 and SOC 2 Type 2 audits for organizations seeking compliance with the Health Insurance Portability and Accountability Act (HIPAA). Ensuring the safety and security of Protected Health Information (PHI), Personally Identifiable Information (PII), and other forms of highly confidential consumer/patient data is now more important than ever.

Additionally, many of today’s main healthcare exchanges and large insurance carriers are requesting SOC 2 HIPAA reports from their downstream providers, which consist of thousands of organizations offering various healthcare related services.

From Third-Party Administrators (TPA’s) to claims and medical billing organizations, SOC 2 HIPAA audit assessments – both Type 1 and Type 2 – are becoming commonplace in the broader healthcare industry. NDB, one of North America’s leading providers of SOC audits (i.e., SOC 1 SSAE 18, SOC 2, and SOC 3), offers fixed-fee SOC 2 HIPAA audit reports for organizations all across North America.

Additionally, we’ve built a proven audit methodology that saves hundreds of hours and thousands of dollars, thanks to years of experience with HIPAA and regulatory compliance. NDB’s SOC 2 HIPAA assessment services consist of the following:

SOC 2 HIPAA Scoping & Readiness Assessments

It’s important to understand that when performing a SOC 2 HIPAA assessment, you’ll need to determine scope. For example, is your organization just seeking to validate compliance with the HIPAA Security Rule Safeguards of 164.308 to 164.316, or are you also looking to comply with the HIPAA Privacy rule also. And then there’s also the HITECH Act. Scope is important as it ultimately dictates cost and time commitments for such an engagement, so talk to the SOC 2 HIPAA experts today at NDB. Please contact Chris Nickell, CPA, at This email address is being protected from spambots. You need JavaScript enabled to view it., or call him at 1-800-277-5415, ext. 706.

Once you’ve determined what the actual scope of your SOC 2 HIPAA audit will be, it’s then time to begin a much-needed scoping & readiness assessment. That’s where NDB can assist, essentially identifying what gaps exist within your internal controls structure, and then also providing much-needed recommendations on remediation.

We’ve performed dozens of SOC 2 HIPAA engagements and are ready to assist your organization today. Many of the top healthcare exchanges/providers are now requiring downstream service providers to become SOC 2 HIPAA compliant – and even SOC 2 HITRUST compliant – and NDB can assist, offering pre-audit readiness services at fixed-fees.

SOC 2 Remediation Services

Many times, remediation is often necessary for SOC 2 HIPAA compliance. Perhaps it’s technical controls that need to be re-worked, or its documentation needs. The point is this – almost every service organization undertaking SOC 2 HIPAA compliance will need to perform some type of remediation – how much – that ultimately depends on one’s internal controls and how mature they are.

Businesses can spend just a few hours on remediation, or possibly a few months, it’s a question that’s difficult to answer and assess until you’ve performed all necessary remediation services identified during the SOC 2 HIPAA scoping & readiness assessment. Please contact Chris Nickell, CPA, at This email address is being protected from spambots. You need JavaScript enabled to view it., or call him at 1-800-277-5415, ext. 706 to learn more about SOC 2 HIPAA reporting.

SOC 2 HIPAA Type 1 Audits

The traditional path for service organizations new to SOC 2 compliance is to begin with a SOC 2 Type 1 assessment, then move on in subsequent years to a SOC 2 Type 2 auditing period – and assessment. It’s important to note that a SOC 2 Type 1 assessment is a point-in-time, while a SOC 2 Type 2 assessment is over a test period, generally six months, but sometimes shorter, and sometimes longer.

SOC 2 HIPAA Type 2 Audits

After successfully completing a SOC 2 Type 1 HIPAA audit, most, if not all, organizations move forward with annual SOC 2 Type 2 reports, and for some obvious reasons. First and foremost, Type 2 reports are performed over an agreed upon test period, generally six months. This allows for intended users of such reports to gain a much stronger understanding of a service organization’s control environment as opposed to SOC 2 Type 1 reports. NDB has performed hundreds of healthcare compliance audits over the last decade, so talk to us today about your SOC 2 HIPAA reporting needs.