Oakland Community Health Network

Buyer seeks a qualified firm to perform a HIPAA Security Compliance Audit. The contract includes security tests involving penetration testing, firewall configuration review, social engineering, and Office 365 security assessment. Buyer requires a complete risk assessment and policy review for HIPAA/HiTech compliance. The audit must identify vulnerabilities, analyze risks, and provide detailed remediation recommendations with severity ratings.

• 4/14/2025 - RFP Release Date
• 4/22/2025 - Confirmation of Interest Due
• 4/23/2025 - Mandatory Pre-Bid Meeting
• 4/28/2025 - Questions Due
• 4/30/2025 - Q&A Document Distribution
• 5/19/2025 - Proposal Due Date
• 6/9/2025 - Vendor Meetings
• 10/1/2025 - Contract Award

• Five years experience providing HIPAA Security Compliance Audits
• HIPAA Security Compliance Audit experience in Government sector
• HIPAA Security Compliance Audit experience in healthcare sector
• All work performed exclusively by resources located within United States

• Conduct internal and external penetration testing at all three sites
• Perform HIPAA security gap analysis against regulatory requirements
• Conduct risk assessment based on NIST-800-30 standards
• Analyze PHI sources, flow, and information systems hosting it
• Perform security vulnerability audit of all OCHN sites and systems
• Conduct social engineering to identify risks
• Provide remediation recommendations with severity and impact ratings
• Review firewall configurations and best practices
• Assess Microsoft Office 365 security score
• Prepare comprehensive report with risk mitigation priorities