This is a sample statement of work for a HIPAA Compliance Audit:

Fred Cohen & Associates (FCA) will perform a HIPAA Compliance Audit for Your Company (CLIENT) consisting of the following:

1) FCA will visit CLIENT sites in YOUR LOCATION and hold discussions with key personnel, make independent observations, and do select tests on a sampling basis to assess the HIPAA-related information protection posture of CLIENT.

2) Within 14 days of the completion of the site visit, FCA will provide a detailed review of what was observed and discussed at the site visit to CLIENT for its review.

3) Within 14 days of receipt of responses from CLIENT, FCA will provide a draft report to CLIENT consisting of:

• a one-page executive summary of the assessment
• a review of what was observed and discussed (approx. 15 pages)
• an assessment of CLIENT's protection posture relative to HIPAA requirements (approx. 15 pages)
• actions that CLIENT should contemplate to improve its HIPAA compliance over time.

  The assessment section will include coverage of all privacy and security related areas of the HIPAA final rule and the interpretations of that rule per the latest HHS documentation. Pre-payment of 35% of anticipated assessment costs will be required before start of work.

4) At the completion of the draft report, an invoice will be provided to CLIENT for services rendered. If minor report revisions are required, they will be provided over a period of three months at no added cost. If an in-person executive briefing is desired, one will be provided at an additional cost of $5000 plus expenses.

This proposal is valid for a period of 45 days from the date provided. All payments are due within 15 days of invoice.

The cost of this study will be $55,000 plus reasonable and usual expenses and costs of the in-person executive briefing if so desired. Total costs of this study are not to exceed $65,000. Prepayment of 35% of costs will be required prior to start of work.

This is a sample statement of work for a HIPAA Compliance Rapid Assessment:

Fred Cohen & Associates (FCA) will perform a HIP AA Compliance Rapid Assessment for Your Company (CLIENT) consisting of the following:

1) FCA will visit CLIENT sites in YOUR LOCATION and hold discussions with key personnel and rapidly tour facilities to assess the HIPAA-related information protection posture of CLIENT.

2) Within 7 days of the completion of the site visit, FCA will provide a detailed review of what was observed and discussed at the site visit to CLIENT for its review.

3) Within 7 days of receipt of responses from CLIENT, FCA will provide a draft report to CLIENT consisting of:

• a one-page executive summary of the assessment
• a review of what was observed and discussed (approx. 10 pages)
• a limited assessment of CLIENT's protection posture relative to HIPAA requirements (approx. 5 pages)

  The assessment section will include coverage of key privacy and security related areas of the HIPAA final rule and the interpretations of that rule per the latest HHS documentation.

4) At the completion of the draft report, an invoice will be provided to CLIENT for services rendered. If minor report revisions are required, they will be provided over a period of three months at no added cost.

This proposal is valid for a period of 45 days from the date provided. All payments are due within 15 days of invoice.

The cost of this study will be $25,000 plus reasonable and usual expenses and costs of the in-person executive briefing if so desired. Total costs of this study are not to exceed $30,000. Pre-payment of 50% of anticipated assessment costs will be required before start of work.