Vendor, Contract and Construction Audits

In today’s competitive environment, companies can gain a sustainable advantage by reviewing the significant number of transactions they have with outside vendors. One easy and cost-effective way for companies to ensure they receive the optimal value for their expenditures is to conduct vendor and construction audits for compliance and cost recovery. Our clients benefit from a variety of cost-saving measures, including:

  • Reimbursement from overcharges
  • Improvement in return on investment
  • Identification and mitigation of risks in contracts
  • Improvement in internal controls and processes
  • Standardization and enhancement of contracts
  • Enhancement in relationships with key business partners
  • Identification and establishment of preferred vendors

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability & Accountability Act requires that healthcare organizations such as healthcare providers, health plans, public health authorities, life insurers, information systems vendors, service organizations, and universities provide improved efficiency in the delivery of healthcare services by standardizing the electronic interchange and protection of health data through standards for healthcare transactions and administrative information systems. HIPAA compliance is based on an organization's level of enforcement of the rules, regulations, and standards established by the Department of Health and Human Services (HHS), including those related to:

  • Standardization of electronic patient health, administrative and financial data
  • Unique health identifiers for individuals, employers, health plans and health care providers
  • Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.


The Health Information Technology for Economic and Clinical Health (HITECH) Act is part of the American Recovery and Reinvestment Act (ARRA) that was passed in 2009. There are specific incentives within the act to encourage the adoption of health information technology by the health industry. One of the primary objectives of the act is to improve health care quality by implementing new technologies in medical records collection and distribution of vast amounts of patient data across the health system. The benefits of better analytics from the information collected with these new systems would impact healthcare affordability and eventually result in better patient care outcomes. Another significant objective of the act is to revisit the privacy and security concerns under HIPAA and establish definitive enforcement actions and financial penalties for improper disclosure of electronic patient health information (ePHI).

UHY Advisors’ management and technology consulting team helps organizations assess their risk of non-compliance and can provide guidance on remediation steps for safeguarding ePHI.


The Health Information Trust Alliance (HITRUST) has released the HITRUST Common Security Framework (CSF) version 4.0 and updates to the CSF Assurance Program. The 2012 CSF includes changes and new guidance pertaining to the National Institute of Standards and Technology's (NIST) 800-53 revision 3 (SP 800-53 r3) and reflects industry recommendations, loss data trend analysis, and input from HITRUST Health Information Exchange and Mobile Device Working Groups.

UHY Advisors has been designated a Common Security Framework (CSF) Assessor by the Health Information Trust Alliance (HITRUST), authorizing the firm to perform the healthcare industry data security assessments most widely recognized by HIPAA, HITECH, states, and healthcare industry participants.

PCI Compliance

UHY Advisors officially became a Qualified Security Assessor Company (QSAC) in 2009. To achieve that credential, our professionals completed a comprehensive application process, background check and training effort to meet the rigorous requirements of PCI SSC. The firm offers the following PCI services to meet your compliance requirements and alleviate the demands imposed on merchants and payment card service providers:

  • Annual Compliance Validation & Reporting
  • Quarterly Vulnerability Assessments
  • Penetration Testing
  • Program Management for Merchants & Service Providers
  • Readiness Assessment
  • Remediation Assistance & Evaluation Services
  • Scope Reduction Services
  • Spot Check Programs
  • Strategic Planning