HIPAA Risk Analysis

“Risk analysis is the first step in an organization’s Security Rule compliance efforts. Risk analysis is an ongoing process that should provide the organization with a detailed understanding of the risks to the confidentiality, integrity, and availability of e-PHI.”

 - HHS/OCR Final Guidance on Risk Analysis

How is our Risk Analysis different?

At HealthGuard, we don't just do risk analysis. We build long-term customer relationships and trusted partnerships. Working with us gives you access to our experienced team and proven HHS/OCR-approved process, leveraged by our proprietary DecipherRisk™️ platform, that delivers Open FAIR™️ based quantitative risk analysis and a continuous process for risk management that ensures you are HIPAA compliant now and in the future.


of covered entities failed to substantially fulfill their regulatory responsibilities to safeguard ePHI they hold through risk analysis activities.

2016-2017 HIPAA Audits Industry Report - HHS/OCR


of covered entities failed to implement appropriate risk management activities sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.

2016-2017 HIPAA Audits Industry Report - HHS/OCR

Beyond the Risk Analysis

Not only do we provide quantitative risk analysis, but our team of experts also works with you after the analysis is done.  We provide continuous support to help you develop and implement a risk management plan that will reduce risk and vulnerabilities to a reasonable level. We work with you every step of the way to ensure that you are secure and compliant.

DecipherRisk™ software included with every HIPAA Risk Analysis.

Meet the Team

Apolonio "Apps" Garcia

Risk Quantification 


Apps has been working in healthcare cybersecurity and risk management for over two decades. He is the current Board President for the Society of Information Risk Analysts (SIRA) and past President of the Cincinnati ISSA chapter. He is an accredited instructor of the Open FAIR™️ risk analysis standard and has been performing quantitative risk analysis for healthcare customers for over a decade.

Terry Rapoch

Governance and Policy Advisor

Terry has over 30 years of executive experience in risk management and analysis. Working in the communications industry, he developed strategies for protecting and restoring cable and cellular networks. He was a member of the Board of CareSource, a $10B managed care provider headquartered in Dayton, Ohio, serving on and chairing its Risk and Compliance Committee.

Lynne Todorov 

Project Manager

Lynne has over 15 years of experience in retail operations management. She is responsible for all aspects of customer engagements including project management and customer success.

Johan Lidros

Lead Security and Risk Assessor

Johan has over 20 years of IT audit and risk management experience. He regularly speaks on and advises healthcare clients in the areas of IT audit, IT risk management, IT governance and information security.

John Pennington

Data Transformation and Analysis Support

John has over 15 years of experience in software engineering. He leads the DecipherRisk software development team, which uses the Agile/Scrum methodology.

Planning your next HIPAA risk assessment? Find out how we can help.

Open FAIR™ is a trademark of The Open Group