Compliance and Audits

Health IT software is subject to strict regulation to ensure safety, security, privacy, reliability, and interoperability.

Private companies, the federal government, and the general public all have an interest in safe and useful software in the fast-changing Health IT space. Recent legislation, such as the 21st Century Care Act, has laid out long-term goals for Health IT in the United States, with a focus on safety and interoperability (IOP). For example, EHR vendors must obtain an EHR certification from an ONC-approved Accrediting Body, or ONC-ACB.

Quandary Peak has served on the front line in the changing Health IT landscape. We provide trusted and independent audit and oversight of company policies, development processes, software architectures, and source code quality. Our growing team of software analysts specializes in software development oversight audits and independent analyses.


What We Do
  • Impartial, independent, and objective analysis
  • Internal audits and consultation
  • Consultation for government agencies
  • Software compliance reviews for Corporate Integrity Agreements
  • Compliance audits for Software Development Process/Lifecycle Standards
  • Compliance reviews and testing for Software Functional Requirements

What We Know
  • Quality Risk Management Systems (QRMS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Risk Management Systems, including design controls, risk analysis phases, and risk matrices
  • Application of Agile methodologies to QRMS and RM-driven systems
  • GAGAS and other industry auditing guidelines
  • Health IT standards for security and privacy

Call or email us to speak with one of our experts about source code review.