Compliance ops
Compliance Operations Hub
A hub for the day-to-day operational controls that make HIPAA work defensible in a small clinic: audit trails, access, policy acknowledgements, evidence, vendor tracking, and accountable task flow.
Learning center
PHI and HIPAA guidance for the teams deciding where patient data can safely live.
Use these hubs to move from definitions into operations and vendor decisions. The educational layer is meant to reduce ambiguity around PHI, then route higher-intent readers into the right product or commercial next step.
Hubs
Start with the PHI or HIPAA category that is currently creating the most confusion.
HIPAA basics
HIPAA Basics for Small Clinics
A hub for the HIPAA definitions, obligations, and operating concepts small clinics need before evaluating vendors or workflows.
Incident response
HIPAA Incident Response Hub
A hub for the breach-assessment, documentation, and notification workflows that matter when a clinic suspects a privacy or security incident.
Risk analysis
HIPAA Risk Analysis Hub
A hub for the annual risk analysis workflow small clinics need to document, refresh, and turn into remediation work.
PHI fundamentals
PHI Fundamentals
A hub for the definitions, identifiers, exceptions, and edge cases healthcare teams need before they choose tools or workflows for patient information.
PHI tools
PHI Tools and Vendors
A hub for how healthcare teams evaluate collaboration, file-sharing, automation, and forms vendors before putting PHI-bearing workflows into them.
PHI workflows
PHI Workflows
A hub for how PHI appears in messaging, files, forms, spreadsheets, AI tools, and operational coordination workflows across healthcare teams.
Vendor management
Vendor Management and BAAs Hub
A hub for the vendor review, BAA, and pricing questions that matter when small clinics let third parties touch PHI.
Workforce training
Workforce Training and Access Hub
A hub for HIPAA training, onboarding, access reviews, and offboarding workflows in small clinics.
Free clinic resource
HIPAA Compliance Self-Assessment
Download a practical self-assessment to spot the biggest control and workflow gaps before they become fire drills.
Recently updated
Fresh articles with visible attribution, direct answers, and source lists.
State guides HIPAA compliance software by state Commercial state pages for clinics comparing BAA-ready software and operating controls. State guides HIPAA breach notification by state Operational state pages for incident triage, OCR timelines, and notice checkpoints. Compliance ops HIPAA Compliance for Michigan Medical Clinics HIPAA compliance for Michigan clinics: breach notification, medical records access, mental health confidentiality, and action. Compliance ops HIPAA Compliance for North Carolina Medical Clinics HIPAA compliance for North Carolina clinics: breach notification, NC medical record copy fees, HIV confidentiality, mental health records, and action. Compliance ops HIPAA Compliance for Ohio Medical Clinics HIPAA compliance for Ohio clinics: Ohio Data Protection Act safe harbor, breach notification, HIV confidentiality, and action items. Compliance ops HIPAA Compliance for Texas Medical Clinics HIPAA compliance for Texas clinics: HB 300 training, broader business associate obligations, Texas AG enforcement, and 5 action items. Compliance ops Texas AG HIPAA Enforcement: What Clinics Need to Know Texas AG enforces HB 300 training under Ch. 181 alongside OCR HIPAA enforcement. What Texas clinics need to document and how AG investigations differ. HIPAA basics What Is a Business Associate Agreement Under HIPAA? Business associate agreement (BAA) explained: what it is, when HIPAA requires it, required contract elements under 45 CFR §164.504(e), and OCR penalty risk. Compliance ops 42 CFR Part 2 Updated Rules: What Clinics Treating Substance Use Disorders Must Know 42 CFR Part 2's 2024 amendments change SUD record consent, add breach notification, and partially align with HIPAA. What clinics treating SUD patients must do. Compliance ops Colorado Privacy Act and HIPAA: What Colorado Clinics Must Know Colorado Privacy Act vs. HIPAA: when Colorado clinics face CPA obligations, data subject rights, and what the CPA's health data provisions mean for small.
Operational assurance
Use the library to clarify the problem, then inspect the product.
The learning center should reduce confusion, not trap high-intent readers in editorial loops.
BAA included Legal baseline available on every plan.
Audit history Compliance actions stay reviewable later.
No card upfront Start evaluation before billing setup.
No credit card required. Add billing details later if you want service to continue after the trial.