
HIPAA Compliance and Attestation Support

Improve your business’ Protected Health Information (PHI) security by being HIPAA compliant.


Our tailored services are designed to ensure that your organisation meets the stringent requirements of the Health Insurance Portability and Accountability Act (HIPAA).


We work with the auditors and provide ongoing support to help manage and maintain HIPAA compliance to address any evolving regulatory needs.

We work with amazing customers

Oceania Healthcare
AMARU customers
Fiji Airways

We are a team of experienced cybersecurity specialists on a mission to get you HIPAA compliant.

At AMARU, we specialise in assisting Australia and New Zealand businesses through the HIPAA compliance journey and collaborate with auditors to get you HIPAA compliant in no time! Our comprehensive services are designed to streamline the compliance process and ensure a successful outcome for your business.



How can being HIPAA compliant help businesses?

By being HIPAA compliant, Australia and New Zealand businesses can demonstrate a high standard of IT security and prevent risks that can compromise patient data.


Robust Data Security

Achieving HIPAA compliance enhances data security, instilling trust and confidence in your organization’s ability to protect sensitive healthcare information.


Regulatory Adherence

By obtaining HIPAA certification, your organisation demonstrates a commitment to upholding the regulatory standards set forth by HIPAA, mitigating the risk of non-compliance penalties.


Industry Recognition

Businesses across the Australia and New Zealand region can stand out in the healthcare industry by showcasing their dedication to maintaining the highest standards of data privacy and security.


Kickstart your HIPAA compliance journey with AMARU


Our team of experienced professionals provides expert guidance and support throughout the HIPAA compliance journey, ensuring a smooth and efficient process.


We understand that every business is unique, which is why we offer tailored solutions to address your specific compliance needs and requirements.


Beyond the certification and attestation process, we provide ongoing support to help your business maintain HIPAA compliance and address any evolving security needs.

Case Study

Oceania is New Zealand’s premium retirement living and aged care provider. They have 3000 staff and 4000 residents spread across 43 sites over the country.

With cyber security incidents continuously featuring in news headlines, the board at Oceania wanted confidence that they were prepared for a cyber security incident. They approached AMARU, who they knew to be pragmatic, solution-focused experts in their field, to deliver a cyber security incident response plan.



Skilled team of professionals at your service

We know there’s a skill shortage in cybersecurity, so entrust our highly skilled cybersecurity specialists to manage all aspects of cybersecurity, ensuring robust cybersecurity and risk management.


We care about your business like it's ours!

This means we go above and beyond to provide you with the highest level of protection and support, just like we would for our own company. And fret not, we don’t charge a hefty amount for our consultancy services!


Achieve a secure and resilient digital environment

Incorporating aspects of AI and automation, we provide strategies that strengthen your cybersecurity posture, enabling you to sell products and services securely both locally and globally with internationally-recognised security standards.

Frequently Asked Questions

See our frequently asked cyber security questions below for help and advice.

Why is being HIPAA compliant important for my organisation?

HIPAA compliance refers to the adherence to the Health Insurance Portability and Accountability Act (HIPAA) regulations, which are designed to protect sensitive patient health information. It is essential for healthcare organisations, as it demonstrates a commitment to safeguarding patient data, avoiding costly penalties, and maintaining trust with patients.

Who needs to be HIPAA compliant?

There are 3 groups that must be HIPAA compliant:

  1. Covered Entities, 
  2. Business Associates, and 
  3. Business Associate Subcontractors

All of these groups handle PHI on a regular basis and must be equipped to safeguard this sensitive information, though it is not mandatory for them to become compliant unless your business operates in North America.

Covered Entities are defined as healthcare providers, health plans, and healthcare clearinghouses. Business Associates are the providers that support Covered Entities, usually IT, lawyers, third party administrators, etc. Business Associate Subcontractors are groups that support Business Associates. For example, a physician practice has hired an IT provider and the IT provider bundles services for the practice. In order to do this, the IT provider will contract with a 3rd party for things like cloud backups. In this case, the Physician would have a BA Agreement with the IT provider, and the IT provider would have BA Subcontractor agreements with their 3rd parties.

Does AMARU offer support after getting HIPAA compliant?

AMARU provides ongoing support for Australia and New Zealand businesses that wish to continue maintaining and improving their HIPAA compliance, ensuring long-term adherence to evolving regulations and best practices and ultimately ensuring protection of patient data.



For more information, reach out today.