Healthcare Industries

Ensuring Privacy, Compliance, and Security

At Guidepost, we specialize in providing comprehensive and cutting-edge solutions tailored to the unique needs of the healthcare industry. Our commitment to excellence enables healthcare organizations to navigate the ever-evolving regulatory landscape with confidence. Trust us to safeguard your operations, protect sensitive information, and mitigate risks at every turn.


The Guidepost Difference:

We collaborate closely with our clients throughout the entire process, from intake to a successful resolution, because we recognize the importance of working directly with the individuals handling your situation. We provide rapid and skilled responses based on extensive international and domestic experience. Our capability to address multiple complex matters faced by healthcare providers simultaneously allows us to scale our support to your requirements, enabling parallel work on issues such as data privacy, DEA compliance programs, physical security assessments, and cybersecurity.


Privacy Program + Reviews

Ensuring that your organization is compliant with regulatory requirements and industry standards for information security and privacy is essential. Increasingly, customers, investors, regulators, auditors, and others require evidence of a third-party assessment, audit, or certification as assurance that data privacy, information security, and regulatory compliance are of paramount importance to you.

But completing a third-party assessment is a daunting and complex endeavor. Our team understands how Health Insurance Portability and Accountability Act (HIPAA) compliance, Health Information Trust Alliance (HITRUST) certification, Service Organization Control 2 (SOC 2) audits, and other evaluations against established frameworks and standards are critical to an organization’s success.

From large, global organizations to startup virtual healthcare providers, our insight into regulations and compliance leads to successful first-time certification submissions and audits, which ultimately produces a more secure organization. While regulations and standards are one-size-fits-all, your business is unique. We customize security and privacy control baselines according to factors including organization type, size, systems, and regulatory requirements to achieve enhanced security and compliance.

We have design and implementation experience related to the following privacy program components:

  • PI/PHI inventory and mapping
  • Data Protection Impact Assessments (DPIA)
  • Data Minimization
  • Privacy Rights Request Management (DSAR)
  • Customer Identity and Access Management (CIAM)
  • Privileged Access Management (PAM)
  • Identity Access Management (IAM)
  • GRC tools and automations for continuous monitoring, audit, compliance and risk management
  • Privacy Control Design
  • Third Party Privacy Compliance
  • Business Continuity and Disaster Recovery (BCDR)
  • Ransomware Prevention

Information Security Frameworks + Readiness Exams

We have helped guide many companies through the process of preparing for and completing a successful information security and privacy compliance review. By conducting a readiness assessment, we examine potential points of failure, remediate control gaps, and anticipate potential problems. A thorough readiness assessment reduces the risk of wasting valuable resources on a HIPAA/HITECH review, HITRUST assessment, SOC 2 audit, or PCI QSA audit before control gaps are remediated, which would cost you additional time and money.

Our team examines your business requirements and considers the different federal, state, and local laws that apply to your organization. We then assess the state of your current processes and procedures, evaluate your IT infrastructure and controls, and determine your readiness for a HIPAA/HITECH review, HITRUST assessment, SOC 2 audit, or PCI audit. Our readiness preparation is transparent and actionable because we know the complexity of day-to-day IT and security operations. We deliver customized recommendations so that you fully understand how to achieve success.

Frameworks and standards we assess against include:
  • SOC 1, SOC 2, SOC 3
  • NIST CSF/800 Series
  • CIS
  • ISO
  • NYDFS Part 200/Part 500
  • GDPR
  • And more

We have design and implementation experience related to the following information security program components:

  • Asset Inventory
  • Endpoint Management
  • Penetration Tests
  • Data Protection Programs
  • Vulnerability Management
  • Network Security
  • Incident Response Management
  • Secure Software Development
  • Security Posture Assessments
  • Cloud Security Assessments
  • Customer Identity and Access Management (CIAM)
  • Privileged Access Management (PAM)
  • Identity Access Management (IAM)
  • GRC tools and automations for continuous monitoring, audit, compliance and risk management
  • Security Risk Management
  • Business Continuity and Disaster Recovery (BCDR)
  • Ransomware Prevention


Anti-Kickback + Stark Act Consulting

At Guidepost, we specialize in providing comprehensive consulting services tailored to meet the unique needs of healthcare providers. Our expertise lies in offering Federal Anti-Kickback Statute (AKS) and Physician Self-Referral Law (Stark Act) compliance advice, ensuring that your organization remains fully compliant with these critical regulations. With the potential for costly civil and criminal penalties, it is essential to have the right guidance and support in place. Our team of seasoned professionals excels in conducting fair market valuations for Management Service Organizations (MSO) fees, enabling you to navigate the complex landscape with confidence.

In addition to our focus on anti-kickback and Stark Act compliance, we also assist healthcare providers in establishing robust policies and procedures for a range of critical areas. From Privacy/HIPAA and information security to False Claims Act and anti-kickback/Stark Act controls, we ensure that your organization is equipped with the necessary safeguards to mitigate risks and promote a culture of compliance.

When it comes to investigations and additional steps required for compliance, our team stands ready to support you. We possess a deep bench of investigators, lawyers, and researchers with broad geographic reach, ensuring that we have the necessary capabilities to assist you at every stage. Whether it is conducting interviews, delving into computer forensics, or utilizing advanced data mining techniques, we bring together a multidisciplinary team that combines technical expertise and legal acumen. With our comprehensive range of services and a steadfast commitment to your success, we are your trusted partner in achieving and maintaining compliance with federal regulations.

DEA Regulatory Compliance

Navigating the complex landscape of DEA regulations is no easy task. We specialize in providing tailored compliance strategies that ensure your operations are in full adherence with stringent regulatory requirements. Our DEA Regulatory Compliance practice is made up of nationally respected, multi-disciplinary experts in the Controlled Substances Act (CSA) and the Code of Federal Regulations (CFR). The team includes former DEA attorneys and compliance experts, Diversion Investigators, and Special Agents. Our experts can outline the appropriate steps to ensure fulfillment of the regulatory requirements of a DEA registration and help avoid the financial and reputational risk that can result from noncompliance, including potential enforcement actions.

  • Anti-diversion program compliance assessments
  • Anti-diversion program development
  • Suspicious order monitoring system (SOMS) evaluations
  • Controlled Substances Act (CSA) due diligence investigations
  • Customized background investigations
  • Mock DEA inspections, site visits, and audits
  • DEA regulatory compliance employee training
  • DEA registration application assistance for new DEA registrants
  • Physical security assessments


Compliance + Monitorships

We offer comprehensive compliance consulting and compliance monitoring services, including both proactive ethics and compliance program reviews and compliance monitoring mandated by government authorities. Our experience acting as an independent monitor is unparalleled, and we provide the oversight an organization needs to satisfy regulatory obligations, restore integrity, protect its reputation, and maintain compliance with industry standards.

We provide:

  • Ethics + Compliance Program Reviews
  • Code of Ethical Conduct Assessments
  • Privacy under HIPAA and the HITECH Act
  • Information Security: ISO 27001, NIST CSF/800 Series, CIS
  • Readiness Assessments and Audits: HIPAA/SOC 2/HITRUST
  • Fraud and Abuse/Anti-Kickback Statute/Stark Act Consulting
  • False Claims Act Compliance
  • Virtual Healthcare Compliance
  • Clinical and Database Research
  • Divestiture Monitoring Trustee
  • Enterprise Risk Management Program
  • Independent Assessment + Audits

Investigations + Due Diligence

Swiftly and discreetly respond to any potential misconduct within your organization. We uncover the facts in complex, often multinational, investigations using comprehensive desktop, field, and cyber investigation methods. Whatever the context of the investigation, we tackle each assignment with the objective of providing you with the information required to make informed decisions, solve problems, and protect assets.

Our team includes licensed investigators with experience working as federal and local prosecutors and law enforcement agents; digital forensic experts; forensic accountants; data and intelligence analysts; and former federal agents from the U.S. Department of Homeland Security, the Federal Bureau of Investigation, the Internal Revenue Service, the U.S. Secret Service, and the U.S. Marshal Service. Some have been called upon to testify as experts in federal and state courts.

Our capabilities, relationships, and tools allow us to effectively undertake any scope of investigation – nationwide and around the world – on a moment’s notice.

Risk Assessment

Identify and mitigate risks before they escalate into costly incidents. Our comprehensive risk assessments evaluate potential vulnerabilities, providing actionable insights to enhance your organization’s resilience and ensure optimal protection of patient information and critical assets. We can conduct risk assessments as part of a readiness evaluation for audits such as SOC 2 or HITRUST, or in response to requirements under the HIPAA Security Risk Rule or the HITECH Breach Notification Rule. Our team can review existing operational policies and procedures, codes of conduct, physical security, and regulatory compliance requirements.

Physical Security Consulting

From securing physical infrastructure and implementing access control measures to designing security operations centers (SOCs) or security command centers, managing security operations, and creating SOPs, post orders, training manuals, and protocols, our experts deliver tailored solutions that fortify your facilities. We analyze your unique requirements and design robust security protocols to safeguard against unauthorized access, theft, and breaches, creating a safe and secure environment of care for staff and patients alike. Our experts are skilled in crime prevention through environmental design (CPTED). They work in compliance with, and contribute to the development of, IAHSS healthcare security industry and security design guidelines as well as ASIS International security standards and its Protection of Assets (POA) collection, which provides current, accurate, and practical treatment of the broad range of asset protection subjects, strategies, and solutions. We provide the guidance and experience needed to plan, design, and manage every aspect of a physical security program by conducting security vulnerability and hazard vulnerability assessments for your facilities.


Economic Damages + Valuations

The Guidepost Economic Damages + Valuation team provides comprehensive and understandable solutions to complex financial issues encountered in litigated and non-litigated economic damage and business valuation matters. Our team includes certified public accountants, forensic accountants, business valuation and finance specialists, business intelligence experts, and forensic computer experts. Once a matter is evaluated, we call on those whose skills are most appropriate for the specific engagement.

We provide game-changing intelligence to support our findings in our damage analyses and business valuation reports. Our highly sophisticated damage models, expert and valuation reports, and expert testimony enhance the chances of a successful result for you, especially in instances where the opposing party takes great pains to minimize or hide assets, or understate or overstate financial statements, tax returns, and other filings.


Select Healthcare Experience

Whether you face a challenge or opportunity, we keep you moving forward to focus on delivering exceptional healthcare services while we handle the complexities of compliance, privacy, risk mitigation, and security. Experience the peace of mind that comes with knowing your organization is defended against threats, enabling you to deliver quality care with confidence. Our proven expertise, dedication, and unwavering commitment to excellence make us the ideal choice for the healthcare industry.