PYA Auditor Profile
PYA is a Top-100 national CPA and advisory firm headquartered in Knoxville, Tennessee. It is particularly strong in healthcare compliance, with dedicated HITRUST and HIPAA practices alongside general SOC 2 auditing.
With five offices across the Southeast and Midwest, PYA combines the scale and resources of a national firm with the responsiveness and relationship-driven approach of a regional practice. Their deep healthcare expertise makes them a natural choice for health IT companies and organizations handling protected health information.
What PYA Does Well
- Healthcare compliance leader — Deep expertise in HIPAA, HITRUST, and health IT compliance requirements.
- Top-100 national firm — Scale and resources of a large firm with regional firm responsiveness.
- Multi-office — Five locations across the Southeast and Midwest for local engagement.
Engagement Process
- Initial assessment of compliance landscape and organizational objectives.
- Detailed scoping to identify systems, data flows, and applicable requirements.
- Gap analysis and readiness evaluation with remediation guidance.
- Formal audit fieldwork including control testing and evidence review.
- Report delivery with executive summary and detailed findings discussion.
Pricing Expectations
PYA's pricing reflects their Top-100 firm status and deep healthcare expertise. SOC 2 Type II engagements typically start around $25,000, HITRUST validated assessments from $35,000, and HIPAA security risk assessments from $20,000. Organizations pursuing healthcare-specific frameworks benefit from PYA's specialized knowledge and efficiency in that domain.
Who Should Choose PYA
PYA is the right choice for mid-market and enterprise healthcare organizations, health IT companies, and SaaS providers handling PHI that need HITRUST, HIPAA, or SOC 2 audits from a firm with deep healthcare domain expertise and national reach across the Southeast and Midwest.