Clinical Data · Interoperability · Privacy

Is Your Data Stack Compliant?

Your Data Health is a healthcare-tech SWAT team for HTI-1 through HTI-4, USCDI v3/v4, and MHMDA privacy. Founded and led by Terry Virdell, our delivery team of senior FHIR engineers, QA architects, and privacy specialists deploys on day one.

  • Clinical logic validation (safety-critical data behaviors)
  • Privacy engineering validation (de-identification, access controls, PHI handling)
  • E2E EHR & EMR testing (interoperability workflows and edge cases)

TAP (Technical Audit Protocol): we test your implementation, identify failing criteria, and deliver a remediation plan with re-scan verification evidence, so you can prepare for ONC certification and surveillance with confidence.

Before certification

The pen-test before the certification audit. We find what Drummond, ICSA Labs, and SLI Compliance will find, while you still have time to fix it.

Pen-test rigor. Continuous compliance watch.

Starting at $7,500 (Starter Audit). Fixed-fee packages, scoped to endpoints and environments.

Technical diagnostics and evidence, not legal advice. Certification decisions remain with ONC-ACBs.

After you submit intake, our delivery team responds within one business day with a scoping call and a written SOW.

Who this is for

Three rooms, one audit standard

Different deadlines, different stakeholders, same technical bar. TAP speaks all three languages.

Payers

Survive the CMS interoperability deadlines

Patient Access, Provider Directory, and Prior Authorization APIs are watched. Surveillance findings hit your compliance scorecard and your provider contracts.

Outcome: citation-level findings against CMS-9115-F and CMS-0057-F, with a remediation backlog your engineering team can ship before the compliance date.

CMS-9115-F · CMS-0057-F · Da Vinci · CARIN Blue Button · state Medicaid & insurance mandates


Providers

Clinical safety regression coverage your QA team doesn’t have

Your EHR upgrades, your FHIR endpoints, your patient portals: when interoperability changes, clinical logic regressions slip through. That’s how patients get hurt.

Outcome: a defect-prevention framework rooted in 15 years of zero critical defects at Providence, and an evidence packet you can hand to your audit committee.

HTI-1 · USCDI v3/v4 · WA MHMDA · state breach notification · MEWS/SEPSIS-grade rigor


Series A–B startups

Survive the next data room, close the next round

Health-system procurement and Series B diligence both ask the same question: can your FHIR endpoint pass a real audit? A failed pilot or a flagged data room kills the round.

Outcome: board-ready summary your CTO hands to the audit committee, your CEO hands to investors, and your engineering team executes against on Monday.

HTI-1 · WA MHMDA · CCPA/CPRA · BIPA · investor diligence


We monitor every active federal and state regulation so you don’t have to. ONC, CMS, HHS OCR, WA MHMDA, CCPA/CPRA, BIPA, state breach notification, and emerging health-data privacy laws, tracked and updated as the rules change. See state laws → · Regulations overview →

Deliverables (what you receive)

You get concrete artifacts you can hand to engineering, procurement, and leadership, not a generic checklist.

  • HTI readiness scorecard (0 to 100) plus pass or fail by requirement.
  • Evidence packet (logs, queries, configuration findings) suitable for procurement or corrective action response.
  • Remediation backlog (sprint tickets with acceptance criteria).
  • Re-scan after fixes (verification report with deltas).

Built for the audit committee, the data room, and Monday standup

Board-ready summary your CTO can hand to the audit committee, your CEO can hand to investors, and your engineering team can execute against on Monday. One artifact, three rooms.

Best fit

  • EHR vendors and health IT product teams
  • Payers facing CMS-9115-F or CMS-0057-F deadlines
  • Series A–B health-tech startups in pilot or diligence

Not a fit

  • Companies wanting us to build their FHIR server or infrastructure
  • Teams seeking legal opinions or legal representation
  • Generic SOC 2 work unrelated to healthcare mandates

Benchmarks: in public endpoint spot-checks (including reference endpoints and common servers like HAPI, Firely, and Smile), we see a wide spread of results. Common failure modes include SMART configuration gaps, authorization walls, and missing capability discovery. We will publish redacted examples as case studies as customer approvals come in.

What we validate

A focused audit that maps requirements to evidence, finds failure modes, and hands your team a remediation backlog you can execute.

Interoperability & certification readiness

HTI-1 through HTI-4, USCDI v3/v4, and FHIR behaviors that must hold up during procurement and surveillance.

  • US Core alignment spot-checks
  • Capability discovery and SMART failure modes
  • Evidence packet + scorecard

HTI & USCDI implementation guide →

Privacy engineering validation

We translate requirements into testable checks across de-identification pipelines, PHI handling, and access controls.

  • MHMDA engineering and DSI transparency posture
  • De-identification and masking controls
  • Audit-ready documentation

Compliance standards overview →

Lean teams

Milestone deployments

Our team drops in at milestone moments: pre-release reviews, investor diligence readiness, and remediation verification.

  • Architecture checkpoints
  • Pre-launch audits
  • Re-scan verification after fixes

Want the deeper context?

Read the Regulations overview, the HTI-1 through HTI-4 & USCDI v3/v4 guide, or explore the Regulatory Hubs.