Skip to Main Content

HIPAA risk assessment helps a CCRC strengthen its compliance


A private, not-for-profit CCRC in New England sought to revisit its compliance with the HIPAA Privacy, Security, and Breach Notification rules. Looking to understand gaps in policies and procedures and to strengthen culture and awareness of HIPAA in healthcare operations, the CCRC came to BerryDunn for a HIPAA risk assessment.


Working with a HIPAA Task Force and other stakeholders to create a clear picture of current HIPAA compliance and to define improvement opportunities, BerryDunn’s healthcare consultants:

  • Reviewed existing policies, procedures, the technology environment, and other relevant information
  • Facilitated on-site work sessions to understand compliance strengths, challenges, and opportunities for improvement
  • Conducted a review of findings and recommendations and discussed next action steps


BerryDunn produced a HIPAA risk assessment that helped the CCRC prioritize short- and long-term efforts to strengthen compliance based on risk level. Our healthcare consultants collaborated with the CCRC leadership to cultivate a culture of continued training and awareness to improve compliance among the workforce.

The CCRC was then able to identify which policies and procedures were out of date, what to prioritize,  and how to increase workforce awareness and strengthen safeguards of resident protected health information (PHI).

Related Services


Organizational and Governance

Related Professionals


BerryDunn experts and consultants