M&A Due Diligence

Pre and Post-Acquisition Services

Pre-Acquisition

Created specifically for private equity and venture capital firms involved in healthcare mergers and acquisitions.

Intraprise Health understands the need to know potential risks, exposures and vulnerabilities when considering an acquisition. Through our tech-enabled Baseline Privacy and Security Assessment, we provide you with the information to make more informed decisions. Our investment committee-ready reports provide you with an overview of observations and findings, identified and prioritized risks, mitigation steps and associated high-level costs. As we know time is of the essence, our reports can be completed and delivered within 30 days.

Baseline Privacy and Security Assessment Includes:
  • Security and Privacy Controls (includes HIPAA)
  • Vulnerability Exposure Assessment
  • Security Architecture Review
  • Security Breach Analysis
Tech-Enabled Services Approach
  • Intraprise Health Assessors utilize the HIPAA One® SRA-automation platform to perform the assessment and accelerate completion
  • Assessment Findings and Final Report
  • Scorecard ratings for major areas of focus
  • Analysis of technology security “debt”
  • Typical assessment timeline (30 days)
Additional Services:
  • Penetration Testing
  • Software Code Review
  • IoT security assessment for medical device companies (using industry standard-based approach)
  • Map findings to NIST and/or HITRUST Cybersecurity Framework
Contact us to learn more

Post-Acquisition

Created specifically for private equity and venture capital firms that are interested in strengthening the security posture of their portfolio companies.

Intraprise Health has a proven track record of working with companies to assess, enhance and certify their cybersecurity, privacy and compliance programs. We are A-rated by KLAS and offer a full suite of professional services and risk management software products. The following chart shows are areas of focus including tech-enabled services platform, BluePrint Protect™.

Intraprise Health Security Services and Software
Security Essentials Programs for Portfolio Companies

HIPAA One® Security Risk Assessments

Purpose-Built
A security risk assessment (SRA) identifies risks and vulnerabilities that can leave an organization susceptible to a data breach or lack of compliance with security and privacy requirements. Organizations have access to an online assessment, identification of required regulatory controls, vetted policy and procedure templates, OCR Audit readiness checklist, a central repository for all of their documentation and a remediation management module to automate their entire assessment and remediation lifecycle for a cost-effective annual fee. Through our tech-enabled services approach, clients can also leverage our security experts to facilitate assessment completion or to perform an external, third-party validated assessment. Our three SRA options are shown below.

Scalable ROI
By leveraging the HIPAA One platform clients have immediate access to all previous assessment and remediation information. Most clients realize a significant work effort and cost benefit when performing subsequent assessments.

HITRUST Certification

Intraprise Health is one of the longest tenured HITRUST Certified Assessors. We are members of both the elite HITRUST National Assessor Council and the Quality Assurance Subcommittee, which informs quality standards and best practices for the certification process. Our HITRUST Services utilize a proven methodology designed for IT and security professionals charged with leading their HITRUST certification programs. We have served hundreds of clients ranging from early to growth stage companies all the way to multi-billion enterprises, and all manner of companies in between. Find out more about our HITRUST Services or watch our HITRUST Essentials webinars to learn more.

vCISO

Many portfolio companies have occasional needs for part-time or supplemental security program leadership. Our Virtual Chief Information Security Officers (vCISOs) are senior security consultants that provide program design, roadmap development and execution capabilities to companies looking to enhance their security, privacy and compliance programs. With the ability to interact with IT, engineering, business unit leaders, as well as, senior executives our vCISOs will align the security program to your business objectives within the budgetary capabilities of your portfolio companies. Find out more about our vCISO Services.

Remediation Services

Once an organization has performed a cybersecurity assessment, it is essential that it properly remediate gaps and risks discovered during the assessment. Effectively remediating risks is critical to avoid a data breach, mitigate cyber threats and to demonstrate compliance with regulatory requirements. For most security and IT teams this can be a difficult exercise to perform while also being quite time consuming and costly. Our comprehensive set of Remediation Services, provided by certified and seasoned security experts, are designed to ease the complexity and accelerate time frame to close program gaps and resolve the cyber risks that threaten your business. Find out more about our Remediation Services.

Contact us to learn more