“What is HITRUST?” is typically the first question asked of Linford by organizations exploring HITRUST for the first time. Formerly, HITRUST stood for Health Information Trust Alliance but recently it rebranded to simply HITRUST to align with changes to the “framework” making it industry agnostic (more below). HITRUST is an organization and a security framework. […]
About L&Co Staff Auditors

Linford & Co., LLP, founded in 2008, is comprised of professional and certified auditors with specialized expertise in SOC 1, SOC 2, HIPAA, HITRUST, FedRAMP and royalty/licensing audits. Our auditors hold CPA, CISA, CISSP, GSEC licenses and certifications. Learn more about our company and our leadership team.
What is the Scope of HIPAA Compliance?
The first step in conducting a HIPAA security compliance audit is to “take inventory” of the electronic protected health information (ePHI) environment.
HIPAA Risk Assessment: Security Compliance vs Risk Analysis – What is the Difference?
Throughout 2018 and 2019, the OCR has identified the failure to conduct an adequate risk assessment as a key finding in nearly half of their settlements, making it the largest single source of identified HIPAA violations. Many organizations undergo some level of third-party reporting on their compliance with the HIPAA security rule. Generally these […]
2019 HIPAA Wall of Shame: Recent Security Breaches & Examples for Companies to Learn From
If you’re already following HIPAA compliance-related news, you’re probably already familiar with the “Wall of Shame.” If you’re just getting started, read on. The HIPAA Breach Notification Rule requires Covered Entities and Business Associates to report breaches of protected health information (PHI) to the U.S. Department of Health and Human Services (HHS).
HIPAA Business Associate Agreements
A recent settlement between the US Department of Health and Human Services’ Office of Civil Rights (OCR) and an orthopedic clinic highlights the importance of executing a HIPAA business associate agreement with appropriate third-party services providers.
Providing Royalty Audits to a New Market: Cable Subscriber Audits
Linford and Company is now bringing our royalty audit expertise to the television network market by providing cable subscriber audits.
The Security Risk Analysis and HIPAA Compliance
The HIPAA Security Rule places a great deal of emphasis on the importance of the security risk analysis—so much so that it was positioned front-and-center as an implementation specification under the first standard in the first section of HIPAA. The requirement to complete a security risk analysis is under the Security Management Process standard in the […]
The HIPAA Contingency Plan
One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans.
Using the SOC 2 Report for Health Care Industry Assurance
In a press release dated December 17, 2015, the AICPA announced that it had collaborated with the Health Information Trust Alliance (HITRUST) to develop an illustrative SOC 2 report useful to health care industry service organizations that must demonstrate compliance with HIPAA’s security requirements.
What is an “AT 601 HIPAA” Report?
Entities seeking to demonstrate Health Insurance Portability and Accountability Act (HIPAA) compliance to their customers and potential customers have several options available.