Welcome to the Third Rock Certification 

Certified by Third Rock informs your customers, business associates and subcontractors that your healthcare organization, service or product has been evaluated for HIPAA compliance using our Worry-Free Compliance™ solution and has remediated all significant deficiencies. Organizations bearing the official HIPAA Compliant Certified by Third Rock seal have satisfactorily addressed each of the following HIPAA requirements:

  1. Complete a Security Risk Assessment
    • NIST compliant, performed by third party
    • includes automated HIPAA scans of computers, covering over 110 NIST-defined checks
    • includes automated vulnerability scans of computers, identifying any outstanding known vulnerabilities
    • remediated the issues found in the assessment
  2. Establish appropriate safeguards to ensure the security of electronic Protected Health Information (ePHI)
    • Administrative Safeguards
    • Physical Safeguards
    • Technical Safeguards
  3. Implement organization-specific Policies and Procedures for the management and protection of PHI and ePHI.
    • readable and usable by staff
    • includes Breach Notification P&P
    • includes a Contingency and Emergency Response plan
  4. Document all HIPAA compliance activities
  5. Train all members of the workforce in appropriate handling of PHI and ePHI to protect patients' privacy and security
  6. Implement appropriate and proper Business Associate management to ensure they are HIPAA compliant
  7. Go above and beyond to protect ePHI
    • Improve the defense, detection and ability to defeat cyber attacks to better protect ePHI
    • Make every effort to protect ePHI by performing the required steps provided by HHS and going above and beyond them to ensure security


Third Rock provides certification for covered entities and business associates that deal directly or indirectly with ePHI. This includes, but is not limited to...

  1. Healthcare Organizations
    • (e.g., hospitals, medical clinics, physician practices, dental offices, chiropractor offices, dermatologist offices, optometry offices, etc.)
  2. Business Associates serving Healthcare Organizations
    • (e.g., IT managed service providers, durable medical equipment technicians, contract dietary staff, food services, suppliers, maintenance companies, security firms, housekeeping, medical device manufacturers, etc.)
  3. Applications used in Healthcare
    • (e.g., EMR/EHR, practice management, analytics, billing, clearinghouses, processing centers, software vendors, etc.)
  4. Technology used in Healthcare
    • (e.g., hardware vendors, MSPs, MSSPs, consultants, sales staff, etc.)
  5. Any company that may come in contact with, handle, process or store PHI or ePHI.


If you would like to earn your HIPAA Compliant seal and be certified by Third Rock, please contact us.

If you would just like to learn more about our HIPAA offerings, contact us or join our monthly newsletter.


There is no "formal" certification process put forth by HHS, nor does HHS endorse any certification process. Our "HIPAA Compliant" certification independently verifies to your healthcare business community that your organization has taken all reasonable and appropriate steps to protect patient data and to protect your clients' ePHI and livelihood.

See Appendix A to Subpart C of Part 164 – Security Standards Matrix.

We do not perform product comparisons. "HIPAA compliant" means the product works as stated to protect PHI/ePHI.