Apgar and Associates, LLC | Privacy, Security, Risk Management

Apgar & Associates, LLC is a Portland, Oregon-based consulting firm specializing in healthcare privacy, security, and regulatory compliance. Led by President & CEO Chris Apgar, who serves on the Health Sector Coordinating Council's Joint Cybersecurity Working Group on behalf of AHIMA, the firm works with hospitals, health systems, digital health vendors, and business associates navigating HIPAA, HITECH, and other healthcare compliance requirements.

The firm provides security risk analysis, compliance program development, policies and procedures documentation, security incident response planning, and certification readiness services for HITRUST, SOC 2, and ISO 27001. As a designated HITRUST Readiness Licensee since October 2022, Apgar & Associates offers structured preparation for organizations pursuing formal certifications. Their approach emphasizes comprehensive security risk assessments, evidence collection frameworks, and actionable remediation strategies.

The firm has responded to OCR investigations, supported breach response efforts, and helped business associates demonstrate compliance to healthcare clients. They maintain an active thought leadership presence addressing topics including network segmentation requirements, cybersecurity performance goals (CPGs), remote work security, and ransomware incident classification.

Choose Apgar & Associates when you need methodical, compliance-focused consulting from practitioners with direct healthcare industry involvement. Their HITRUST Readiness Licensee status and HSCC participation suggest current knowledge of evolving healthcare security standards and regulatory expectations.

Expect a structured approach to security risk analysis, evidence-based gap remediation, and documentation development that supports both day-to-day compliance operations and formal certification pursuits. Their experience with OCR investigations indicates familiarity with regulatory scrutiny scenarios.

Apgar & Associates focuses exclusively on healthcare sector privacy and security compliance. Their expertise centers on HIPAA Security and Privacy Rules, OCR enforcement patterns, and healthcare-specific certification frameworks including HITRUST. The firm addresses healthcare business associate compliance requirements, PHI breach response protocols, and telehealth security considerations. Their leadership's AHIMA representation and HSCC participation demonstrates sustained commitment to healthcare industry standards evolution and cybersecurity coordination specific to the healthcare and public health sector.

Mid-sized healthcare providers, health systems, and business associates with 50-500 employees seeking to strengthen existing compliance programs or prepare for formal certifications. Digital health companies scaling operations who need to demonstrate security maturity to healthcare clients. Organizations facing OCR investigations requiring experienced compliance response support.