HIPAA Compliance for International Healthcare Services

Context

A growing healthcare services organization with operations in the United States and support relationships in Latin America needed to strengthen its HIPAA compliance foundation before taking on broader assurance work. Its environment included Microsoft products, AWS workloads supporting both PHI and non-PHI projects, and external partner relationships that required vendor risk review. Leadership needed a clear picture of security posture, prioritized risk, and practical next steps that would improve compliance without slowing the business. 

Our Approach

ResilientTech Advisors led a focused HIPAA Security Risk Assessment and compliance foundation effort built to establish scope, assess safeguards, and define a practical remediation path. Key actions included: 

  • Defining the HIPAA SRA scope and system inventory, including identification of systems handling ePHI.
  • Developing a data flow and asset view to clarify where regulated information was stored, processed, and accessed.
  • Assessing technical safeguards across AWS, Microsoft 365, Intune, and Defender, with attention to encryption, endpoint security, access controls, and backup and recovery considerations.
  • Reviewing administrative and physical safeguard coverage and documenting gaps, ownership, and required follow-up actions.
  • Conducting focused vendor risk review activities for cross-border partner relationships relevant to regulated data handling.
  • Building a risk register with prioritized findings, risk ratings, evidence references, ownership assignments, and 30/60/90-day remediation actions.
  • Delivering an executive summary deck that translated technical and compliance observations into a concise leadership view of posture, risk, and next steps.

Impact

  • Reduced HIPAA risk exposure by 30% by identifying critical gaps, validating safeguards, and establishing a prioritized remediation path.
  • Delivered a documented HIPAA security baseline spanning administrative, physical, technical, and vendor-related safeguards.
  • Equipped leadership with a clear executive-level view of compliance posture, prioritized risks, and actionable next steps.
  • Created a practical foundation for future assurance work by sequencing HIPAA first and aligning the organization for later SOC 2 readiness activity.

Related Services

  • Compliance & Assurance
  • Cyber Risk & Strategy
  • Security Engineering & Operations
  • Embedded Cyber Leadership

“The work and the support were excellent. The engagement gave us a much clearer understanding of our HIPAA risk posture and what needed to happen next.” 

Chief Technology Officer, Healthcare Services Organization

This engagement reflects ResilientTech Advisors’ ability to assess HIPAA risk, translate technical and compliance complexity into executive clarity, and build a strong foundation for future assurance and security program maturity.