M&A Cybersecurity Due Dilligence

Pre and Post-Acquisition Services



Created specifically for private equity and venture capital firms involved in healthcare mergers and acquisitions.

Intraprise Health understands the need to know potential risks, exposures and vulnerabilities when considering an acquisition. Through our tech-enabled Baseline Privacy and Security Assessment, we provide you with the information to make more informed decisions. Our investment committee-ready reports provide you with an overview of observations and findings, identified and prioritized risks, mitigation steps and associated high-level costs. As we know time is of the essence, our reports can be completed and delivered within 30 days.

Baseline Privacy and Security Assessment Includes:

  • Security and Privacy Controls (includes HIPAA)
  • Vulnerability Exposure Assessment
  • Security Architecture Review
  • Security Breach Analysis

Tech-Enabled Services Approach

  • Intraprise Health Assessors utilize the HIPAA One® SRA-automation platform to perform the assessment and accelerate completion
  • Assessment Findings and Final Report
  • Scorecard ratings for major areas of focus
  • Analysis of technology security “debt”
  • Typical assessment timeline (30 days)

Additional Services:

  • Penetration Testing
  • Software Code Review
  • IoT security assessment for medical device companies (using industry standard-based approach)
  • Map findings to NIST and/or HITRUST Cybersecurity Framework



Created specifically for private equity and venture capital firms that are interested in strengthening the security posture of their portfolio companies.

Intraprise Health has a proven track record of working with companies to assess, enhance and certify their cybersecurity, privacy and compliance programs. We are A-rated by KLAS and offer a full suite of professional services and risk management software products. The following chart shows are areas of focus including tech-enabled services platform, BluePrint Protect™.

Intraprise Health Security Services and Software

Security Essentials Programs for Portfolio Companies

HIPAA One® Security Risk Assessments

A security risk assessment (SRA) identifies risks and vulnerabilities that can leave an organization susceptible to a data breach or lack of compliance with security and privacy requirements. Organizations have access to an online assessment, identification of required regulatory controls, vetted policy and procedure templates, OCR Audit readiness checklist, a central repository for all of their documentation and a remediation management module to automate their entire assessment and remediation lifecycle for a cost-effective annual fee. Through our tech-enabled services approach, clients can also leverage our security experts to facilitate assessment completion or to perform an external, third-party validated assessment. Our three SRA options are shown below.

Scalable ROI
By leveraging the HIPAA One platform clients have immediate access to all previous assessment and remediation information. Most clients realize a significant work effort and cost benefit when performing subsequent assessments.

Self Assessment

Independently Conduct your Risk Assessment

Self SRA Includes:

  • Kick-Off call
  • Assessor Support
  • Access to policy and procedure template library
  • Customer independently conducts assessment & remediation planning
  • Customer signs final report

Facilitated Remote Assessment

Online Assistance to Conduct your Risk Assessment

Remote SRA Includes:

  • Kick-Off call
  • Assessor Support
  • Access to policy and procedure template library
  • Assessment responses and remediation plan reviewed by Assessor
  • Assessor signs final report

Validated Assessment

Assessor-led Risk Assessment

Validated SRA Includes:

  • Evidence based findings validated by Assessor
  • Historical trend analysis of previous HIPAA SRA’s
  • Access to policy and procedure template library
  • Physical walk-through guidance
  • Criticality levels based on Common Vulnerability Scoring System (CVSS)
  • Executive and Technical Presentation
  • HIPAA Security Risk Assessment (optional)

Every Privacy Risk Assessment incorporates OCR Audit Protocol, HIPAA state specific regulations, 42 CFR Part 2 (SAMHSA) and maps findings to the NIST Privacy Framework

HITRUST Certification

Intraprise Health is one of the longest tenured HITRUST Certified Assessors. We are members of both the elite HITRUST National Assessor Council and the Quality Assurance Subcommittee, which informs quality standards and best practices for the certification process. Our HITRUST Services utilize a proven methodology designed for IT and security professionals charged with leading their HITRUST certification programs. We have served hundreds of clients ranging from early to growth stage companies all the way to multi-billion enterprises, and all manner of companies in between. Find out more about our HITRUST Services or watch our HITRUST Essentials webinars to learn more.

Remediation Services

Once an organization has performed a cybersecurity assessment, it is essential that it properly remediate gaps and risks discovered during the assessment. Effectively remediating risks is critical to avoid a data breach, mitigate cyber threats and to demonstrate compliance with regulatory requirements. For most security and IT teams this can be a difficult exercise to perform while also being quite time consuming and costly. Our comprehensive set of Remediation Services, provided by certified and seasoned security experts, are designed to ease the complexity and accelerate time frame to close program gaps and resolve the cyber risks that threaten your business. Find out more about our Remediation Services.

Contact us to learn more


Ready to get started? Have questions for our HITRUST, HIPAA or security teams?

We’re happy to help.