Skip to Content
Department of Health Services

Request for Proposals (RFP) to provide a HIPAA Security Risk Assessment for Sonoma County

Published: April 04, 2019

The County of Sonoma is pleased to invite you to respond to a Request for Proposals (RFP) to provide a Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) Privacy and Security Risk Analysis for multiple County departments and perform other services as further described below.

Pursuant to 45 Code of Federal Regulations (CFR) section 164.105, the County has established itself as a hybrid entity and has designated five (5) County departments as covered components of the Covered Entity (CE). In an effort to ensure/achieve compliance with HIPAA/HITECH across all portions of the CE, the County has endeavored to create standards and practices for implementation countywide. In furtherance of that effort, the County desires to contract with an entity/organization to complete a HIPAA/HITECH Security Risk Analysis that meets the requirements of 45 CFR section 164.308(a), for each CE department. While completion of a Security Risk Analysis is a required element of this request, proposals are also sought for the completion of a HIPAA Privacy Rule Gap Analysis and Physical Assessment, to be performed at the County’s discretion.

For questions regarding this specific solicitation, email Ken.Tasseff@sonoma-county.org with a copy to DHS-Contracting@sonoma-county.org.

You must be registered in the County of Sonoma's Supplier Portal (http://sonomacounty.ca.gov/Supplier-Portal) in order to view the full solicitation, download and upload documents, and bid. It is incumbent upon all interested parties to check for any changes, including updates or addenda, by logging into the County’s Supplier Portal and reviewing the event.