Keeping Information Safe

Our risk assessments are readable, comprehendible and actionable; and we provide the latest solutions for secure wireless migration, disaster recovery planning, and vulnerability protection.

Health IT Security



PHA’s Health IT Security specialists consult, educate, train and guide practices and hospitals throughout the Midwest. Our rates are affordable and our reputation is impeccable.

Last year alone, we were on-site at more than 600 healthcare facilities, providing assessments, testing, audits, project management, training and other services.

Our core team of security professionals comes with a wide range of educational and technology backgrounds as well as industry certifications from (ISC)²; the SANS Institute; and the Information Systems Audit and Control Association (ISACA). 


Download Flyer Button


Security Infographic


SRA Stove Knob InfographicAssessments

Security Risk Assessments In preparation for both HIPAA and Meaningful Use audits, we work onsite, interviewing key staff, conducting physical walk-throughs of facilities, and performing the reviews, scans, and assessments necessary to create a realistic security and privacy remediation plan. Our assessment includes:

  • Documentation Review
  • Administrative Controls Review
  • Network Architecture Review
  • Vulnerability Analysis
  • Physical Walk-through
  • Configuration Review
  • Audit Testing

To inquire about having PHA perform your next SRA, please fill out this short questionnaire.

External Vulnerability Assessments (EVA) To identify vulnerabilities within your Internetfacing infrastructure and attached network systems. We can manage for risk environment or provide one-time testing. Our remote EVAs include:

  • an external scan of IP addresses;
  • a meta-data analysis of your domain; and
  • a DNS / Whois record review. 

Technology Assessments An onsite assessment of your organization’s hardware, software and network, checking network speed and evaluating laptops/ desktops. Post-assessment recommendations on upgrades are aimed at saving you time and money.

Payment Card Industry Data Security Standard (PCI-DDS) Assessments — This is basically HIPAA for charge cards. If you accept credit cards from a major card brand such as Visa, MasterCard, Discover, and American Express, you are required to be compliant of their data security standard. For most organizations, this means completing an annual self-assessment and attestation, which is a technical and arduous task that we can help make easier.


Phishing Testing — We help clients take a proactive approach to see how many of their employees are susceptible to being victimized by a phishing attack in safe and controlled exercise.

Penetration Testing — How vulnerable is your IT infrastructure to exploitation by external adversaries?  A penetration test actively tests your security defenses and network configurations to find holes before the bad guys do.

Password Audits — Passw0rd! will meet most basic password requirements, but can be cracked in seconds. Passwords are our first line of defense in protecting data and IT assets, and password audits provide evidence that employees are adhering to password-creation best practices.


PHA provides training for both the IT and non-IT professional.We'd also be honored to speak at your next conference.

Consulting/Project Management

PHA will advise you, then equip your team with the tools to facilitate in-house solutions.

  • Encryption Strategies
  • Secure Wireless Migration
  • Disaster Recovery Planning
  • Vulnerability Analysis Implementation

Facebook Linkedin News Subscribe Share


George Bailey
George Bailey
Senior Advisor-Health IT Security

Working with Purdue Healthcare Advisors helped to validate what Rush Memorial Hospital has done for years as a leader in rural healthcare informatics...mitigate network security risk.

Jim Boyer, CIO/VP Technology, Rush Memorial Hospital

We annually review our policies and practices as they relate to compliance with the HIPAA Security Rule to maintain a robust and solid security foundation. Using a third party to perform a risk assessment is an optimal business practice, because an independent security consultant has a fresh set of eyes to better evaluate the risks and vulnerabilities to the confidentiality, integrity or availability of electronic protected health information.

Bob Havens, Technical Specialist, Hancock Regional Hospital


Purdue University, West Lafayette, IN 47907 (765) 496-1911

© 2019 Purdue University | An equal access/equal opportunity university | Copyright Complaints

If you have trouble accessing this page because of a disability, please contact Purdue Technical Assistance Program