About L&Co Staff Auditors

Linford Team Icon

Linford & Co., LLP, founded in 2008, is comprised of professional and certified auditors with specialized expertise in SOC 1, SOC 2, HIPAA, HITRUST, FedRAMP and royalty/licensing audits. Our auditors hold CPA, CISA, CISSP, GSEC licenses and certifications. Learn more about our company and our leadership team.

ALL ARTICLES BY L&Co Staff Auditors:
HITRUST Framework

An Expert’s Guide to the HITRUST Framework

“What is HITRUST?” is typically the first question asked of Linford by organizations exploring HITRUST for the first time. Formerly, HITRUST stood for Health Information Trust Alliance but recently it rebranded to simply HITRUST to align with changes to the “framework” making it industry agnostic (more below). HITRUST is an organization and a security framework. […]

HIPAA risk assessment

HIPAA Risk Assessment: Security Compliance vs Risk Analysis – What is the Difference?

Throughout 2018 and 2019, the OCR has identified the failure to conduct and adequate risk assessment as a key finding in nearly half of their settlements. Making it the largest single source of identified HIPAA violations. Many organizations undergo some level of third party reporting on their compliance with the HIPAA security rule. Generally these […]

2019 HIPAA Security Breaches

2019 HIPAA Wall of Shame: Recent Security Breaches & Examples for Companies to Learn From

If you’re already following HIPAA compliance-related news, you’re probably already familiar with the “Wall of Shame.” If you’re just getting started, read on. The HIPAA Breach Notification Rule requires Covered Entities and Business Associates to report breaches of protected health information (PHI) to the U. S. Department of Health and Human Services (HHS).

What are the benefits of HITRUST certification?

Healthcare Security Compliance & The Benefits of HITRUST Certification

In previous postings we have talked about HITRUST certification and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one question we hear constantly is, “What is the benefit of getting HITRUST certified?” Security Concerns in Healthcare & How to Alleviate Them Over the past few years, healthcare organizations have seen […]

HIPAA Compliance: Know Your Business Associate Agreements

HIPAA Business Associate Agreements

A recent settlement between the US Department of Health and Human Services’ Office of Civil Rights (OCR) and an orthopedic clinic highlights the importance of executing a HIPAA business associate agreement with appropriate third party services providers.

HIPAA Security Rules

HIPAA Security Rule Requirements & Implementation Specifications

Compliance with the requirements of the HIPAA Security Rule starts with understanding how it is constructed. The HIPAA Security Rule is part of the overall HIPAA Privacy and Security Rule and is comprised of standards and implementation specifications. Each Security Rule standard is a requirement: a covered entity must comply with all of the standards […]

2016 Security Year in Review

Now that 2016 has come to a close and we have started 2017, I wanted to take a moment to review some of the information security stories from last year, and provide some insight on how you can protect yourself from them in 2017 since those issues are not going away any day soon.

The Security Risk Analysis and HIPAA Compliance

The HIPAA Security Rule places a great deal of emphasis on the importance of the security risk analysis—so much so that it was positioned front-and-center as an implementation specification under first standard in the first section of HIPAA. The requirement to complete a security risk analysis is under the Security Management Process standard in the […]