Risk Analysis
It is a HIPAA & HITECH Meaningful Use Mandate. Small Practices, large health systems, business associates must comply. Conduct a risk analysis exercise annually.
Technical Vulnerability Assessment
One in four has reported a data breach. Compliance mandates require the infrastructure to be assessed from the outside (external), from the inside (internal), firewall (DMZ) and wireless.
Business Impact Analysis (BIA) & Disaster Recovery
Compliance mandates require a Business Impact Analysis (BIA) exercise to be conducted and the IT Disaster Recovery Plan (DRP) to be created and updated regularly. Prepared?
Health IT Services
On-Demand Consulting (flat rate starting @10 hours only), Managed Compliance Services Program (MCSP), Project Management, IT Professional Staffing, Security Implementation and more, are part of the 360 suite of services offered to address your priorities and challenges

Years of experience


Clients on continents


People trained & certified



Client Testimonials

"The professionalism and complete subject matter knowledge make ecfirst the consultants of choice for HIPAA and HITECH information and issues. Our experience with ecfirst was unwavering in addressing all issues and enabling a foundation for an active and vibrant compliance program. Pabrai’s leadership was exceptional, very devoted to ensuring all areas were appropriately addressed.”

Blake Anderson

Department of Health, State of Utah

“The strengths of the course included content, materials, presenter/instructor, and the participants’ background and expertise. Mr. Pabrai provided an excellent environment for participants to contribute experiences and input to the topics covered. Mr. Pabrai demonstrated complete knowledge of subject matter. I will recommend participation in future courses.”

Rafael Diaz

Clinicas del Camino Real, Inc.

“Nixon Peabody provides extensive services in the area of HIPAA and HITECH legal services and recently retained the services of Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) as an expert on information security. The case involved a data breach matter between a covered entity and a business associate. I found Mr. Pabrai and his organization, ecfirst, as exceptionally responsive in supporting all our activities as requested on a timely and professional manner. His insight was valued and of significance. We look forward to our continued association.”

Linn F.FreedmanPartner

Nixon Peabody LLP

ecfirst, Home of The HIPAA Academy™, is a leader with rich hands-on experience delivering world-class services