The Info@Risk team has now joined BPM LLP (effective July 1, 2017). Visit us at our new page by clicking here or wait and you will be automatically redirected in 30 seconds.


The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, form the basis of federal healthcare information privacy and security rules. In order to fulfill our requirement as a HIPAA business associate Info@Risk follows the International Organization of Standards (ISO) codes of practice for handling sensitive information, and utilizes best standards and testing processes based on the National Institute of Standards and Technology (NIST).

As an assessment-only service provider, Info@Risk provides health care institutions with the confidence of a truly objective assessment of their regulatory compliance and information security controls. Info@Risk’s services include both comprehensive and targeted controls testing, as well as Risk Assessment implementation and reviews of documented information security policies and procedures to guide information security program development.