HIPAA Readiness Audit
A full review of your practice's HIPAA compliance posture — administrative, physical, and technical safeguards — with a prioritized remediation plan.
What's included
- Privacy, Security, and Breach Notification Rule gap analysis
- Review of current policies, Notice of Privacy Practices, and BAAs
- State-specific overlay (GA, CA, TX, FL, NY, PA, IL — others available)
- 30 / 60 / 90-day prioritized remediation plan
- Written report with citations to 45 CFR Part 164 and applicable state law
- 60-minute working-session call to walk through findings
Timeline: 2–3 weeks
Ideal for: Solo practitioners and practices up to 10 clinicians
Flat-Fee Privacy & HIPAA Compliance Services
Practical privacy and HIPAA compliance support for small healthcare practices, therapists, counseling groups, independent clinics, and medical offices.
Note: Flat-fee and monthly advisory options are based on practice size, number of locations, vendor complexity, documentation needs, and urgency. Final pricing is confirmed after a short readiness call.
$3,500 – $7,500
State Privacy Overlay Package
Tailor your HIPAA foundation to your state's specific privacy, mental-health, and telehealth rules.
What's included
- State-specific Notice of Privacy Practices
- Policy updates for your state's mental-health, substance-use, and minor-consent rules
- Telehealth compliance check against your state's licensing-board rules
- State breach-notification procedure
Timeline: 1–2 weeks
Ideal for: Practices with a HIPAA baseline needing state-specific adjustments
Business Associate Agreement Review & Remediation
Your BAAs are your front line of breach protection. Most practice BAAs haven't kept pace with HIPAA updates, state law, or the AI tools you've added since.
What's included
- Complete vendor inventory (EHR, scheduling, billing, AI scribes, cloud storage, email, chat, etc.)
- Individual BAA gap analysis against current HIPAA and state-law requirements
- Prioritized remediation list with renegotiation-ready language templates
- Optional vendor outreach support
Timeline: 1–2 weeks
Ideal for: Practices using modern EHR, scheduling, telehealth, or AI tools
Breach Response Playbook
Preparation is the difference between a breach that costs $5,000 and a breach that costs $500,000. Have a plan before you need one.
What's included
- Step-by-step breach response procedure calibrated to your state
- Notification templates (patient, HHS OCR, state AG, media where applicable)
- Evidence preservation and forensic-readiness checklist
- Contact roster template (counsel, cyber insurance, forensic firm, notification vendor)
- 60-minute tabletop-exercise session to walk through a simulated incident
Timeline: 1 week
Ideal for: Practices that want to be ready — including those that have had a near-miss
HIPAA Policy Library
The foundational policy set a covered entity is expected to maintain — calibrated to your practice size, modality, and state.
What's included
- HIPAA Privacy Rule policies (uses, disclosures, patient rights, NPP, minimum necessary)
- HIPAA Security Rule policies (administrative, physical, and technical safeguards)
- Breach Notification policies
- Workforce training outline and attestation templates
- Sanction / enforcement policy
Timeline: 2–3 weeks
Ideal for: Practices with outdated or template-based policies, or no documented set
Ongoing Compliance Advisory (Retainer)
A compliance partner on call. Quarterly reviews plus ad-hoc support when questions or incidents surface.
What's included
- Quarterly compliance posture review
- Incident-response support (up to 4 hours/month included)
- Annual policy refresh
- New-vendor BAA review (up to 6 vendors/year)
- Annual workforce training session
- Priority response window (1 business day)
Timeline: Monthly retainer (3-month minimum)
Ideal for: Practices that want a compliance partner on call