Steven Marco

HIPAA Compliance, Risk Management and IT Strategist, Modern Compliance Solutions

Steven Marco , President of Modern Compliance Solutions, has a passion for IS Security and over 18 years as a leader in executing various regulatory compliance mandates and Health IT. A CISA since 1999, he helped pioneer Internet Security Services and manage risk for numerous Fortune 500 companies while at Deloitte & Touche. At Resources Global Professionals, he led IT through their Sarbanes Oxley 404 audit and successful IPO in 2002. He currently drives risk management services through data security and regulatory compliance consulting, while developing industry-leading compliance automation software called HIPAA One. Steve holds a Bachelor’s Degree from Ryerson University in Computer Information Systems Management and Corporate Law.


  • Recorded Webinars

Steven Marco

How to Survive a HIPAA Security Audit

Your organization's focus should be protecting the privacy and security of PHI and reducing the probability of a breach. Passing an OCR audit should be the result of an effective compliance culture, not your aim on goal.

Steven Marco

HIPAA Security Risk Analysis Software – Not all Tools are Created Equal

Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule all electronic protected health information (e-PHI) created, received, maintained, or transmitted by a "covered entity" and "business associate" is subject to the Security Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e- PHI security and privacy is fundamental and paramount.

Steven Marco

How to Survive a HIPAA Security Audit

Your organization's focus should be protecting the privacy and security of PHI and reducing the probability of a breach. Passing an OCR audit should be the result of an effective compliance culture, not your aim on goal.

Steven Marco

HIPAA Security Risk Analysis Software – Not all Tools are Created Equal

Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule all electronic protected health information (e-PHI) created, received, maintained, or transmitted by a "covered entity" and "business associate" is subject to the Security Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e- PHI security and privacy is fundamental and paramount.

View All