HIPAA Risk Audit and Business Associate Agreements Guidance Service
- Client
- Kent, Washington
- RFP Number
- ACCT-25997
- Posted
- 6/26/2026
- Category
- Auditing, Finance and Accounting
- Budget
- Looking for Proposals
- NAICS
- —
- Set-aside
- —
- Contact
- —
Description
AI GeneratedThe Puget Sound Regional Fire Authority in Kent, Washington, is seeking a qualified vendor to conduct a comprehensive audit of HIPAA-related risks within its systems, processes, and data handling practices. The agency needs to identify compliance gaps against HIPAA Security and Privacy Rules and requires expert recommendations to support ongoing compliance. Additionally, the agency is looking for expert guidance to develop, review, and implement its Business Associate Agreements. The selected provider will perform a full assessment of administrative, physical, and technical safeguards, while also evaluating current data handling, storage, transmission, and disposal practices. The scope of work includes delivering a prioritized risk register with severity ratings and recommending corrective actions and mitigation strategies. To strengthen its business partnerships, the agency requires support in developing an internal Business Associate Agreement governance process, along with templates, language recommendations, and guidance on risk allocation, indemnification, breach response, and subcontractor handling. Only onshore organizations based in the United States are eligible to bid on this opportunity. The agency allows the selected provider to perform all work offsite. Bidders must submit any questions regarding this opportunity no later than July 8, 2026, and the agency will accept proposal submissions digitally via email or through an online portal.
Personalized fit score
Sign up free to see how well this opportunity fits your company — based on your saved profile.
Sign up to see your fit score