Centra State Healthcare System
AtlantiCare Healthcare
Inspira Health Network
Penn Medicine
Christian Health Care Center
Metrohealth: University Of Michigan Health

At ComplyAssistant, we offer governance, risk, and compliance software, consulting and service solutions to organizations of all sizes. Designed to help you organize and manage complex security and compliance processes, our software and companion consulting services will help you be more efficient.

Heard the term "GRC" but not quite sure what it means or how it relates to healthcare?

Download this infographic for the top '5 Things You Should Know About GRC'


GRC Software

Our risk management and healthcare compliance software can help you meet your compliance and security needs.


Healthcare Compliance Consulting

We focus on virtual CISO services to cover all control standards (e.g., HICP, HIPAA, etc.), identify gaps, and deliver a holistic risk mitigation roadmap.


White Label GRC Software

Managed service providers (MSPs) and managed security service providers (MSSPs) use our compliance management software to provide general IT and HIPAA services to their clients.

  • Easily manage a high volume of client audits with a structured tool.

  • Administer third-party vendor risk management programs.

  • Manage your clients by exception with extensive filters, automated alerts and notifications.

  • Provide clients with secure access to their own documents and reports.

Cape Regional Health System

"ComplyAssistant’s cloud-based software solution allowed us to efficiently and effectively manage the entire compliance process, from assessment development and distribution through management of action items." --CIO

See ComplyAssistant’s GRC software in action. Schedule a demo

Featured Press

Preparing to pass a spot audit conducted by your state department of health

Gerry Blass – ComplyAssistant President and CEO. Dana Penny – Chief Compliance Officer at The New Jewish Home in New York, NY. In this article, Gerry Blass and Dana Penny walk CISOs through the process of preparing to pass a spot audit in the June issue of Compliance Today magazine. In the article, Blass and […]

Technology Expert Jesse Fasolo Highlights Cybersecurity Threats to Healthcare (Interview)

ComplyAssistant client St. Joseph’s Health’s Jesse Fasolo, PhD student, director, technology infrastructure & cybersecurity, information security officer, said information security is changing so fast that healthcare systems need to work on shorter strategies so they can pivot to what’s current.

Gerry Blass on Healthcare Vendor Risk Management (Podcast)

Healthcare risk doesn’t stop at the facility’s door. Covered entities have countless business associates (BAs), each of which poses risks of its own. That, in and of itself, is a challenge, but Gerry Blass, President and CEO of ComplyAssistant, observes in this podcast that many covered entities aren’t even sure of their complete list of vendors, let alone the risks that can reside in them.

Free Tools

HIPAA Business Associate Agreement Template

This is a HIPAA Business Associate Agreement / Contract Addendum template for the requirements of the HITECH Act of 2009 in Microsoft Word format. Use it as a starting point and customize it to meet the requirements for your business associate agreements.

HIPAA Privacy and Security Proactive Audits Tool Kit

Contains recommended HIPAA Privacy and Security audits that your organization should consider implementing for policies & procedures, proactive information system activity review, and facility walkthroughs.

HIPAA Facility Security Walkthrough Checklist

Excellent guidance for auditing facilities that contain protected health information. Simply check the boxes and write notes as you conduct your walk-through audit.


Mitigate Risk While Preparing for the Future: Why You Need a DRBC Plan

An article released by Gartner in July 2021 reported that by the year 2025, cyberattackers will have weaponized operational technology (OT) environments to successfully harm or kill humans. OT attacks, that is, attacks on hardware and software that monitor or control equipment, assets, and processes, are on the rise. Consider the spring 2021 ransomware attack on the Colonial Pipeline, for example. Effects were felt up and down the East Coast, resulting in a payout of $4.4 million and damage to hospitals, emergency medical services, and law enforcement agencies.

8 Questions to Help you Choose the Best GRC Software Solutions for your Company

When looking for a new GRC software platform, it’s important to have one with all the latest features including task management, audits, and more.

October is Cybersecurity Awareness Month: Is Your Organization Prepared?

In today’s ever-changing cyber landscape, we talk a lot about what measures to take if you have experienced a data breach or ransomware attack. Who do I call if my patient’s health information has been compromised? Do I need to pay the ransom? How long will my organization be down, disrupting the continuity of care?


GRC Software Update: A Guide to Our Latest Frameworks and Features

An organization’s approach to governance, risk, and compliance can have a huge effect on business. In today’s world of cyber breaches and ransomware attacks on companies of all sizes and scope, organizational leaders must work together to ensure their approach to GRC is intact.

The Evolution of Risk to PHI and Patient Safety

In the 70s and 80s, healthcare organizations started to migrate their patient management information from hard copy to electronic, either on shared mainframes such as SMS and McAuto or on microprocessors. The user workstations had no intelligence and were known as “dumb terminals.” There were limited locations of electronic identifiable health information. There was no motivation to sell identifiable health information.

Information Blocking and the Future of Patient Care: Breaking Down the 8 Exceptions

President and CEO Gerry Blass sat down with Journal of AHIMA senior editor Mary Butler on a recent episode of the Hi Pitch Podcast to talk about the 21st Century Cures Act Information Blocking Final Rule and the eight information blocking exceptions. Blass was joined by attorney Helen Oscislawski, who spoke to the challenges her clients have faced as they prepare to comply with the rule, which goes into effect on April 5th.