How we picked: audit firms that can conduct both SOC 2 and HIPAA assessments, meaning both "soc_2_type_2" and "hipaa" are listed in servicesOffered, and healthtech or healthcare appears in industriesServed.
A bundled HIPAA + SOC 2 engagement reduces duplication — the firm collects overlapping evidence once. We filtered for firms that explicitly list both services and that have healthcare or healthtech industry coverage. Firms that list HIPAA but don't show health industry experience were excluded.
Best for: Healthtech companies needing SOC 2 + HIPAA from a single engagement
Pricing: Documented range: $15,000–$75,000
Best for: Mid-market healthtech with multi-framework compliance needs
Pricing: Contact for pricing
Best for: Healthtech startups that want published price ranges for a HIPAA + SOC 2 bundle
Pricing: Documented range: $15,000–$50,000
Best for: Healthtech companies that want tight platform integration during the audit
Pricing: Contact for pricing
Johanson Group LLP also offers HIPAA services and serves the healthtech sector. Its fast 5-week fieldwork timeline makes it worth a quote for smaller healthtech companies. Barr Advisory lists HIPAA in its services but does not specifically list healthtech as an industry — treat that as unverified for healthtech specialization.