Services
Assessment-only and flat-fee, scoped and priced up front.
The HIPAA-required risk assessment across administrative, physical, and technical safeguards — documented the way an auditor actually expects to see it. You get a written report with findings, risk ratings, and a prioritized roadmap.
Best for: any practice that hasn't completed a documented SRA in the last 12 months — it's the required foundation of HIPAA compliance.
A clear picture of where you stand against the HIPAA Security and Privacy Rules, and exactly what's missing. Ideal when you want a straightforward before/after view of your gaps without the full SRA scope.
Best for: practices that want to understand their gaps quickly, or pair it with an SRA.
How you'd hold up if OCR or a payer came knocking. I review your evidence and documentation, run through the questions an auditor would ask, and hand you a prioritized list of what to fix first.
Best for: practices facing an OCR inquiry, a payer audit, or acquisition due diligence.
HIPAA expects your risk analysis to be ongoing, not one-and-done. Each year I re-rate prior findings, confirm what's been remediated, and update your risk analysis so you stay current.
Best for: returning clients keeping their SRA current, year over year.
I assess and advise — your team or your IT provider handles the fixes. That independence is the point: an honest, defensible opinion you (and an auditor) can trust.
How It Works
I review your systems, policies, and day-to-day practices against the HIPAA rules.
You get a clear, written report of findings, risks, and what they mean.
A roadmap that ranks fixes by real risk, so you know what to tackle first.
Optional annual re-assessment to confirm progress and keep you current.
Transparent flat-fee pricing. Every engagement is scoped and quoted up front — no hourly surprises. We confirm scope and price on your free 15-minute call.
That's what the free 15-minute call is for — I'll help you figure it out.
Call or text (480) 318-2710