HIPAA Compliance
Guaranteed Or We Bear The Cost.
Most practices believe they are compliant and breach-free, yet according to industry research 96% of all organizations have had at least one breach and almost 50% have had five or more.
AI-powered compliance solutions – guided by human experts, get you audit-ready fast.
Backed by our $100,000 Quality Guarantee and a Full Money-Back Promise.
The Compliance Crisis.
From medical history to appointment reminders, every exchange of sensitive patient information in healthcare comes with an expectation that it remains private and secure.
HIPAA is the set of federal rules that makes this expectation not just “good practice” but the law.
784 HIPAA breaches were reported in 2024, totaling over 276 million records, which is 82% of the U.S. population.
- Audit Failure.
Most organizations think they’re compliant. Few actually are. Outdated policies, untrained staff, or incomplete risk assessments leave silent gaps that can destroy a business overnight.
- Risk
Every day another healthcare entity has a HIPAA breach. The average penalty exceeds $1.3 million – and that’s before the cost of lost reputation, data recovery, or class-action exposure.
The 12X Compliance Method™
Our AI-powered compliance engine continuously scans, scores, and helps correct vulnerabilities, guided by human experts with decades of field experience. Together, we don’t just prepare you for an audit, we build compliance into your operations so you scale securely and confidently.
- Continuous Scanning - Real-time vulnerability detection
- Automated Scoring - Intelligent risk prioritization.
- Expert Guidance - Actionable insights from specialists
- Built-in Compliance - Secure, scalable operations
- Achieve confidence in your program while reducing costs by 50-70%
- Transform your business with a zero risk 100% Money-Back Guarantee
Social Proof & Credibility.
Competition and Innovation: HIPAA’s standardized data formats and privacy regulations foster a competitive environment for healthcare technology companies. This encourages innovation in areas like Electronic Health Records (EHR) and Electronic Medical Records (EMR), secure handling of Protected Health Information (PHI), data analytics, and personalized medicine, ultimately benefiting patients and the healthcare system.
- Over 1,000 Organizations Guided To Full Compliance
- 100% Client Satisfaction Rating For Our HIPAA Workshop
- Partners Include Certified Auditors, Cybersecurity Specialists, And Regulatory Attorneys
Keeping you 100% Audit compliant
Decades of proven expertise driving real impactful results for clients.
Unlock growth, streamline ties, and build a thriving practice.
A breach of patient data could destroy your reputation
Achieve confidence in your compliance while reducing cost by 50% – 70%.
Our Guarantees
You leave the Workshop with a HIPAA Compliant Program.
We stand behind our services with a dual promise.
Quality Guarantee
- We will cover any fines you receive up to $100,000.
Risk Guarantee.
- We offer a Money Back Guarantee.
Our 2 day HIPAA Compliance Workshop — the fastest and easiest way to achieve full HIPAA compliance.
You can attend the HIPAA Compliance Workshop in-person or online.
Trusted by Healthcare Leaders Nationwide
Organizations nationwide rely on HIPAA EXPRESS to achieve full compliance—smarter, faster, and completely stress-free.
“After a breach incident occurred in fall 2018, I contracted Roger Shindell at HIPAA Solutions for guidance and assistance. As a small business and young company, our small budget is always a concern when hiring any consulting agency. Roger worked with me to set up a payment plan so that we could begin the process of ensuring we were fully compliant with HIPAA policies as well as providing guidance on how to handle the breach itself.”
Lacey Peters, M.A., CCC-SLP/L
Owner, Speech Language Pathologist, Midwest Speech Therapy
“Due to limited time and resources, figuring out where to even begin with HIPAA compliance assessment was overwhelming. You and your team made the risk assessment process effortless! The time we have spent with the Carosh team has been a pleasure, we look forward to a long term relationship with HIPAA.”
Becki Chapin
Human Resource Administrator, Jackson County Iowa
“Their attention to detail, proactive organizational strategy and alignment are second to none!”
Dr. Matt McCullough
Owner, Ankeny Dental Professionals, P.C.
“Though we are in the early phases of our project, working through our Risk Assessment and Repudiation Plan has been a relatively painless process, thus far. This is thanks to you, your team, and the systems that you have in place.”
Elanna Moeller
Vice President of Operations, Forte Residential, Inc.
“Working with HIPAA Solutions has given our department an efficient and personally tailored process for ensuring HIPAA compliance.”
Ryan Stephen
I.T. Manager, Cerro Gordo County Department of Public Health
“Please allow me to express our genuine satisfaction with our working relationship with HIPAA Solutions. The professionals at your organization are knowledgeable, responsive, and respectful of our time and resources.”
Shellie L. Goetz, Esq.
Director of Compliance, Gibson
“As far as the biggest surprise, just how involved it is. I think that risk of an incident with my small business is pretty small; however, if it does happen the fines are huge. So it is kind of like insurance – you hope you don’t need it, but if you do you want to make sure that it is comprehensive!”
Lacey Peters, M.A., CCC-SLP/L
Owner, Speech Language Pathologist, Teaching Tots to Talk
“Appanoose County hired HIPAA Solutions to implement security measures to protect the County from malicious software and detect any suspected security issues.”
Linda Demry
County Auditor, Appanoose County, IA
“Previous to my taking office the Privacy Officer had been passed between previous employees in other departments and the records were not up to date or complete as to what had been done to keep up with compliance. Figuring out where to begin was a daunting task. Roger Shindell has made the process of getting Louisa County up to speed and in compliance with the HIPAA Laws a very smooth transition.”
Sandi Elliot
County Auditor, Louisa County, IA - Southeast Iowa
“HIPAA is presently assisting with the efforts of Washington County to achieve HIPAA compliance and in that regard HIPAA personnel are not only knowledgeable but also a pleasure to work with.”
Daniel L. Widmer
County Auditor, Washington County, IA - Southeast Iowa
“Henry County can now demonstrate our compliance with HIPAA/HITECH. Maintaining compliance is a priority and Henry County will continue to use HIPAA Solutions.”
Sarah Berndt
MPA HIPAA Privacy Officer, Henry County, IA - Southeast Iowa
“HIPAA Solutions is providing Des Moines County a manageable, compliant, and cost effective solution to the daunting task of negotiating Federal HIPAA regulations.”
Tom Broeker
Chairman, Des Moines County, IA - Southeast Iowa
“You demonstrated to us your knowledge, not only of HIPAA, but how it directly impacts our business in a straightforward and easy to understand program.”
David Garrett
Manager of Regulatory Affairs, Sipi Asset Recovery
“Roger and his team have been very thorough in their assessment and the remediation plan, including on-site physical facility reviews. Roger is very knowledgeable in HIPAA Privacy and Security and is committed to helping our agency be secure in our operations.”
Kim Keleher
Director of Outreach & Compliance, Plains Area Mental Health Center
“Your expertise and attention to detail has allowed the region to move quickly to align with the Federal and State regulations.”
Jennifer Vitko
SCBHR CEO, South Central Behavioral Health Region
“Your team’s knowledge, response time, and attention to detail have been excellent. In addition, the assessment process has been smooth and well organized and will really assist us in meeting the new HIPAA omnibus regulations and requirements, and assuring our staff are well-trained.”
Angela Curran
CEO, Community Nurse Health Center
“This is one area of my home health agency where it was vital to pick a consulting firm that would fully understand the whole HIPAA compliance and mitigation process and I felt that after using your services, you more than met our expectations.”
Omar Velazquez
Administrator, Esperanza Home Health Care
“HIPAA has been easy to work with and the time our office staff has had to spend on the risk assessment and remediation plan has been limited, which is a great benefit. Roger Shindell and his staff are very professional and are a pleasure to work with.”
William R. Peterson
Executive Director, Iowa State Association of Counties
Answers to Your Most Common HIPAA Questions
Am I required to encrypt my emails?
It depends on what you are sending. If the message or attachment contains PHI, yes, encrypt it. A document can be encrypted before sending, for example as a password-protected archive (WinZip and similar tools, set to AES-256 rather than the legacy “ZipCrypto” scheme, which is easily broken) or as an encrypted PDF, with the password shared over a separate channel such as a phone call. Your other option is to place the document on an encrypted server or cloud share (Google Drive, GoDaddy, Dropbox and others offer this) and send only a link; note that any vendor storing your PHI is a Business Associate and must sign a BAA. Windows 10 Pro and Enterprise editions include full-drive encryption (BitLocker); Windows 7 did as well, but it is no longer supported and should not hold PHI. CDs and USB drives can also be encrypted. A paper-to-paper fax is not an electronic transmission under HIPAA, so the Security Rule’s encryption standards do not apply to it, but the Privacy Rule still does, and faxing PHI to the wrong party remains a common breach.
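The archive route only protects PHI if the tool really used AES. The original ZIP “password” scheme, ZipCrypto, falls to a known-plaintext attack and should never guard patient records, and WinZip-compatible tools will happily produce it if the AES option is not selected. The checker below is an added example written for this page, not code from the page’s authors or from any vendor: it parses a ZIP archive’s central directory using only the Python standard library and reports, per file, whether the entry is unencrypted, ZipCrypto-protected, or WinZip AES-protected and at what key size. The sample archive, its file names and contents are constructed inside the block for demonstration; the payloads are not really encrypted, only the headers the checker reads are realistic.

```python
"""Report, per entry, how a ZIP archive protects its contents: plaintext,
legacy ZipCrypto, or WinZip AES (AE-1/AE-2) at 128/192/256 bits.
Added example for this page; Python standard library only."""
import struct
import zlib

EOCD_SIG = 0x06054b50   # end-of-central-directory record
CDH_SIG = 0x02014b50    # central directory file header
LFH_SIG = 0x04034b50    # local file header
AES_METHOD = 99         # compression method reserved for WinZip AES
AES_EXTRA_ID = 0x9901   # WinZip AES extra-field header ID
AES_STRENGTH = {1: 128, 2: 192, 3: 256}


def _parse_extra(extra):
    """Split a ZIP extra field into {header_id: payload} pairs."""
    fields, pos = {}, 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        fields[hid] = extra[pos + 4:pos + 4 + size]
        pos += 4 + size
    return fields


def inspect_zip(data):
    """Return [(name, status)] for every central-directory entry. status is
    'plaintext', 'zipcrypto', 'aes-128'/'aes-192'/'aes-256' or 'encrypted-unknown'."""
    eocd_pos = data.rfind(struct.pack("<I", EOCD_SIG))
    if eocd_pos < 0:
        raise ValueError("no end-of-central-directory record; not a ZIP file")
    eocd = struct.unpack_from("<IHHHHIIH", data, eocd_pos)
    count, cd_offset = eocd[4], eocd[6]
    results, pos = [], cd_offset
    for _ in range(count):
        hdr = struct.unpack_from("<IHHHHHHIIIHHHHHII", data, pos)
        if hdr[0] != CDH_SIG:
            raise ValueError("corrupt central directory")
        flags, method = hdr[3], hdr[4]
        name_len, extra_len, comment_len = hdr[10], hdr[11], hdr[12]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        extra = data[pos + 46 + name_len:pos + 46 + name_len + extra_len]
        pos += 46 + name_len + extra_len + comment_len
        if not flags & 0x1:                      # general-purpose bit 0 = encrypted
            status = "plaintext"
        else:
            aes = _parse_extra(extra).get(AES_EXTRA_ID, b"")
            # AES extra payload: version(2) vendor 'AE'(2) strength(1) real method(2)
            if (method == AES_METHOD and len(aes) >= 7
                    and aes[2:4] == b"AE" and aes[4] in AES_STRENGTH):
                status = "aes-%d" % AES_STRENGTH[aes[4]]
            elif method in (0, 8):               # stored/deflated + bit 0 = ZipCrypto
                status = "zipcrypto"
            else:
                status = "encrypted-unknown"
        results.append((name, status))
    return results


def weakly_protected(data):
    """Entries not protected with AES-256; an empty list means the archive is fit to send."""
    return [name for name, status in inspect_zip(data) if status != "aes-256"]


def aes_extra(strength_code, real_method=8):
    """Constructed WinZip AES extra field (AE-2 layout, vendor ID 'AE')."""
    return struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", strength_code, real_method)


def build_zip(entries):
    """Assemble a minimal single-disk ZIP from (name, payload, flags, method, extra)
    tuples. Constructed test data: payloads are written as-is, not encrypted."""
    body, central = bytearray(), bytearray()
    for name, payload, flags, method, extra in entries:
        name_b = name.encode()
        crc = zlib.crc32(payload) & 0xffffffff
        offset = len(body)
        body += struct.pack("<IHHHHHIIIHH", LFH_SIG, 20, flags, method, 0, 0, crc,
                            len(payload), len(payload), len(name_b), len(extra))
        body += name_b + extra + payload
        central += struct.pack("<IHHHHHHIIIHHHHHII", CDH_SIG, 20, 20, flags, method,
                               0, 0, crc, len(payload), len(payload), len(name_b),
                               len(extra), 0, 0, 0, 0, offset)
        central += name_b + extra
    eocd = struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, len(entries), len(entries),
                       len(central), len(body), 0)
    return bytes(body + central + eocd)


# Constructed sample: one unencrypted file, one ZipCrypto file, one AES-256 file.
SAMPLE_ZIP = build_zip([
    ("visit_notes.pdf", b"%PDF-1.4 constructed sample", 0x0, 8, b""),
    ("billing.csv", b"constructed sample", 0x1, 8, b""),
    ("records.pdf", b"constructed sample", 0x1, AES_METHOD, aes_extra(3)),
])

if __name__ == "__main__":
    for name, status in inspect_zip(SAMPLE_ZIP):
        print(f"{name:18s} {status}")
    print("not fit to send:", weakly_protected(SAMPLE_ZIP))
```

Run it against a real archive with `inspect_zip(open("records.zip", "rb").read())`; any entry reported as `plaintext` or `zipcrypto` should be re-packed with AES enabled before the file leaves the practice. The check reads only headers, so it never needs the password and can run on the sender’s side as a pre-send gate.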
I do not do electronic billing, but I do fax documents. Do I need to be HIPAA compliant?
No, faxing by itself does not make you a Covered Entity (CE). A health care provider becomes a CE by transmitting health information electronically in connection with a HIPAA standard transaction, such as electronic claims. However, you may still be subject to state and other regulations around the privacy and security of PHI.
What about text messages?
Clients have the right to request alternate communication methods. If a client requests text messaging, explain the risks and obtain written permission. If a patient texts you first, it is reasonable to assume they understand the risks, but keep your replies to the minimum necessary.
If text messages between providers contain PHI, they must be sent through an encrypted messaging service. Generic texts such as “your 4:00 canceled” that reveal nothing about diagnosis or treatment do not need encryption; anything clinical does.
How do I know I am getting reliable information about HIPAA?
Check the credentials of the consultant, company, or author. Excellent certifications include:
AHIMA: Certified in Healthcare Privacy and Security (CHPS)
HIMSS: CAHIMS, CPHIMS
ISACA: CISA, CISM, CRISC, CSX
(ISC)²: CISSP, HCISPP
IAPP: Certified Information Privacy Professional (CIPP)
Why do I need HIPAA anyway?
Because the law requires it of every Covered Entity and Business Associate, and because the underlying obligation is common sense: everyone who handles patient information must take reasonable steps to protect its privacy and security, especially electronic PHI, which can be lost or stolen in bulk.
How often do I need to do a security risk assessment (SRA)?
HIPAA does not set a fixed interval. The Security Rule requires risk analysis to be an ongoing process that is reviewed and updated as your environment changes. Common practice, and what auditors expect, is to repeat the SRA at least annually and whenever something significant changes: a new EHR or other system, a new location, a merger, or a security incident.
What are my obligations for training?
All workforce members must be trained on your organization’s specific HIPAA policies and procedures, not just general HIPAA knowledge. Training should occur when an employee starts and before they access PHI, whenever your policies change materially, periodically as ongoing security awareness reminders, and after any breach or incident that exposes a gap. Keep a log of who was trained, on what, and when.
My EHR vendor says they are HIPAA compliant. Doesn’t that cover me?
No. Organizations, not technology, are HIPAA compliant, and there is no official HIPAA certification, so a vendor’s “HIPAA compliant” claim is a marketing statement. You must obtain a signed Business Associate Agreement (BAA) from the vendor and perform due diligence on your Business Associates (BAs) to ensure they actually protect the PHI you entrust to them.
What should I do if I get a subpoena?
Verify the subpoena’s validity. Document all disclosures. Ensure the patient has been notified or obtain a protective order that restricts PHI use and requires destruction or return after litigation.
My state requires consent to release mental health info. Did HIPAA erode privacy rights?
No. HIPAA allows you to continue obtaining patient consent, maintaining consistency with your state law.
How do I know which businesses qualify as Business Associates (BAs)?
A BA is a person or company, outside your workforce, that creates, receives, maintains, or transmits PHI on your behalf: billing services, EHR and cloud hosting vendors, IT support, shredding companies, and the like. Employees, volunteers, and other members of the treatment team are not BAs, and neither is a vendor that never handles PHI. You must have a signed Business Associate Agreement with each BA, assess the risk each one presents, ensure they protect PHI, and terminate the agreement if violations persist.
All I have is one computer — why worry about a Security Risk Assessment (SRA)?
Because the SRA is required of every Covered Entity regardless of size, and because a single computer holding PHI faces the same threats as a large network: theft or loss of the device, ransomware, and an unpatched or unencrypted system. HIPAA’s requirements also overlap with other privacy regulations, so the SRA does double duty. In addition, a 2021 amendment to HITECH requires HHS to consider whether recognized security practices were in place for the prior 12 months when deciding penalties and audit scope, so documented compliance reduces your exposure if a breach does occur.
How do I know if I am HIPAA compliant?
You should be able to produce:
Your HIPAA policies and procedures manual
Training logs and materials
A security risk assessment (SRA)
A remediation plan
Signed Business Associate Agreements and due diligence documentation for each Business Associate
Can we have a sign-in sheet in our waiting room?
Yes. Seeing names on a sign-in sheet is an “incidental disclosure” and not a breach, as long as the sheet captures only what is needed (name and arrival time, not the reason for the visit). Some practices use peel-off labels or black out names after sign-in for added privacy.
Does the size of my practice affect my HIPAA compliance?
All Covered Entities must comply, but HHS allows flexibility depending on your organization’s size, resources, and capabilities.
Does everyone in my practice get only the minimum necessary information?
For your own workforce, yes: you must identify which roles need access to which PHI and limit access accordingly, for example through role-based permissions in your EHR. The “minimum necessary” rule does not apply to disclosures to other providers for treatment, to a patient’s access to their own PHI, or to releases the patient has authorized.
Does HIPAA require me to submit my claims electronically?
No, although some government and private payers may require electronic submission.
Is it acceptable to Skype with patients?
Skype is encrypted in transit, but chat messages and call history are stored by the service and therefore count as stored PHI. Whatever tool you use, the deciding factors are that the vendor will sign a BAA covering that specific product, that sessions are encrypted in transit, and that any stored chats or recordings are encrypted and covered by your policies. Other options sometimes listed include TrueConf, Off-the-Record Messaging, Jitsi, Cryptocat, and Zfone, but Cryptocat and Zfone are no longer maintained and should not be used.
In my practice, everyone uses personal cell phones. Is this OK?
Only if those phones meet the same controls you would require of a practice-owned device. Mobile devices that touch PHI must be encrypted because of the risk of loss or theft, and your policy should require a lockout PIN or biometric, restrict texting of PHI and camera use, allow device inspections, and enable remote wipe (typically through a mobile device management tool). Staff should agree to these terms in writing before using a personal phone for work.
Still Have Questions?
Here are the most common ones we get from healthcare organizations preparing for HIPAA compliance.
Book Your Compliance Workshop Today
Upcoming HIPAA EXPRESS® workshop dates
Mondays >> 9:00 am to 12:00 pm
Wednesdays >> 1:00 pm to 4:00 pm
Friday/Saturday >> 1:00 pm to 5:30 pm / 9:00 am to 1:30 pm
Compliance is Under Your Complete Control.
Every organization’s compliance journey is different, which is why we offer customized packages tailored to your specific needs. Choose the plan that fits your risk level, budget, and staff time. Whether you need guided support, full-service compliance management, or a hybrid approach, our experts help you stay protected while staying in control.