Drummond Group, LLC

Drummond Group is a specialized compliance, certification, and security assessment firm serving the healthcare and B2B technology sectors for over 25 years. The company operates as an ONC-Authorized Certification Body (ACB), PCI Quality Security Assessor (QSA), and DEA EPCS Approved Auditor, providing third-party validation services for health IT developers and healthcare organizations.

The firm's core capabilities center on regulatory compliance testing and certification, including ONC Health IT certification, HIPAA gap assessments, DEA EPCS certification, PCI DSS audits, and FHIR interoperability testing. Drummond also provides SOC 2 and ISO 27001 audit services, AS2 B2B certification, and supply chain interoperability testing. The company positions itself as having conducted more ONC Health IT certifications than all other ACBs combined.

Drummond serves health IT software vendors, EHR developers, digital health companies, and healthcare organizations requiring regulatory compliance validation. The company recently expanded its cybersecurity portfolio with SOC 2 audit services and offers bundled compliance packages including HIPAA validation and FHIR interoperability testing memberships.

Organizations should consider Drummond when they need authoritative third-party certification for regulatory compliance in healthcare IT. The firm's status as a leading ONC-ACB and approved auditor for multiple regulatory frameworks provides credibility and market recognition for certified products. Companies pursuing ONC Health IT certification, EPCS compliance, or PCI DSS validation will benefit from Drummond's specialized expertise and established processes.

Expect a structured, audit-focused engagement with script-based testing methodologies and comprehensive documentation. The firm emphasizes thorough examination against conformance criteria with weekly touchpoints and clear timelines, suitable for organizations with internal resources to address identified gaps.

Drummond specializes exclusively in healthcare IT compliance and adjacent regulated industries. The company's healthcare services span ONC Health IT certification for ambulatory and inpatient EHR systems, DEA EPCS certification for e-prescribing controlled substances, HIPAA security and privacy assessments, and FHIR interoperability testing. They maintain expertise in healthcare-specific regulations including the ONC HTI-4 certification for prior authorization and emerging SCRIPT standards for e-prescribing.

The firm has completed thousands of ONC certifications, HIPAA assessments, and EPCS certifications specifically for healthcare technology providers. Their FHIRplace membership program and FHIR interoperability testing demonstrate ongoing investment in healthcare data exchange standards.

Health IT software vendors and digital health companies developing EHR systems, e-prescribing solutions, patient portals, or FHIR-based applications who require regulatory certification for market access. Mid-size to enterprise healthcare organizations needing third-party validation of HIPAA compliance, PCI DSS adherence, or cybersecurity controls. B2B technology providers in healthcare supply chain requiring AS2 or EDI interoperability certification.