Risk assessments, policies, training, and vendor management — set up in an afternoon, not six months.
The regulations are the same whether you have 5 employees or 5,000. But the tools and consultants were designed for large organizations — until now.
Traditional compliance programs take 3–6 months of meetings, questionnaires, and revisions. You have patients to see.
Most consultants charge $10K–$50K for a risk assessment and policy set. That's a big ask for a practice with slim margins.
Without a structured assessment, it's difficult to see your gaps — let alone prove to an auditor that you've addressed them.
You answer the questions about your practice. We handle the policies, the risk analysis, and the documentation.
10 questions, 2 minutes, no signup. See where your practice stands and which areas need attention first.
75 plain-language questions about your practice. Not sure about the IT questions? Send your IT provider a magic link — they answer their part directly.
AI generates 18 policy documents tailored to your EHR, your state's laws, and your practice size. Ready to use, not templates to fill in.
Quarterly re-scans flag new gaps. Policies update when regulations change. Vendor agreements are tracked for you. Compliance on autopilot.
75 plain-language questions covering every HIPAA safeguard. AI explains what each one means and why it matters — no compliance background needed. Get a clear picture of where you stand and what to fix first.
Incident Response, Breach Notification, Access Control, and 15 more — generated with your practice name, your EHR system, and your state's laws already written in. Not templates to fill in. Yours, ready to use.
Quarterly re-scans flag new gaps. Policies update automatically when regulations change. Your compliance score tracks your progress in real time. One click generates a complete audit package.
Using Epic? athenahealth? eClinicalWorks? Your policies reference your actual system with specific configuration guidance.
Send your IT provider or billing company a magic link. They answer their part directly — no signup needed.
Track which vendors touch patient data, monitor BAA status, and get renewal alerts. 100+ common vendors pre-loaded.
Share controls across locations, run per-site assessments, and get consolidated reporting from one dashboard.
8 video modules with quizzes, certificates, and role-based tracks. Annual renewals tracked automatically.
Snap photos of server rooms, locks, and signage from your phone. Evidence links directly to assessment questions.
The proposed 2026 update would eliminate "addressable" safeguards — meaning every requirement would apply to every practice. The final rule is expected mid-2026. Here's what to prepare for.
Every practice must complete a documented risk assessment — the exact assessment ComplyMD generates for you.
All devices with ePHI would need to be encrypted. No more "addressable" exceptions.
MFA would be required on all systems accessing patient data.
Would require restoring critical systems within 72 hours with tested backups.
Would require written confirmation from every Business Associate that safeguards are in place.
Documented inventory of all systems that create, receive, or transmit ePHI.
No per-employee fees. No setup costs. Whether you have 3 staff or 30, the price is the same.
| | ComplyMD | Consultant | HHS SRA Tool |
|---|---|---|---|
| Cost | $99/mo | $10K–$50K+ | Free |
| Time to complete | < 1 hour | 3–6 months | 20+ hours |
| Policy documents | ✓ 18 docs | ✓ | ✗ |
| Vendor management | ✓ | Extra $$$ | ✗ |
| Multi-practice | ✓ | ✓ | ✗ |
| Staff training | ✓ | Extra $$$ | ✗ |
| Collaborative assessment | ✓ | ✗ | ✗ |
| Ongoing monitoring | ✓ | Extra $$$ | ✗ |
Yes. The 75-question assessment covers every safeguard in the HIPAA Security Rule, and the 18 policy documents satisfy the documentation requirements auditors look for — the same scope as a full consulting engagement.
For most small healthcare organizations, no. ComplyMD handles risk assessment, policies, training, and vendor management. If you have complex multi-entity structures or need legal counsel for an active investigation, we can point you in the right direction.
The Professional plan includes a one-click audit package — your complete SRA report, all 18 policies, evidence documentation, training certificates, and vendor BAA records, ready to share with auditors.
The HHS tool helps you assess risk but doesn't generate policies, remediation plans, vendor tracking, or training. It takes 20+ hours and assumes you already understand HIPAA. ComplyMD handles all of that for you.
Yes. We're HIPAA compliant ourselves — encrypted at rest and in transit, with a BAA available. We never store patient data. Your assessment answers are encrypted and only accessible to your practice.
Of course. The free risk scan — 10 questions, no signup — gives you an instant HIPAA readiness score and shows you which areas to focus on. No credit card, no commitment.
15 multiple-choice questions. Instant compliance score. Personalized gap report showing exactly where your risks are.
93 requirements across 10 categories — interactive, with live scoring. The full picture of everything your organization needs.
The Security Risk Analysis is the #1 most cited HIPAA deficiency. Here's exactly how to complete one for your small practice — step by step.
The proposed 2026 Security Rule would eliminate 'addressable' safeguards — making encryption, MFA, and penetration testing mandatory.
Nursing homes face unique HIPAA challenges — 82% staff turnover, shared workstations, 15-25+ vendor relationships, and regulatory overlap with CMS.
ComplyMD launches soon. Join the waitlist for founding member pricing — up to 40% off, for life.
No spam. Just launch updates and your discount code.