HIPAA & Healthtech Startups
Before you launch your health tech product and before you sign contracts with any customers, you must complete a thorough and accurate HIPAA risk assessment. A risk assessment is required by law and it is the first document investigators will ask for if there’s a security incident involving patient data.
But don’t view this as just a bureaucratic hurdle. The risk assessment is an opportunity to document your processes, make your product more secure, and ultimately make your company more valuable.
This Project is aimed at early-stage health tech startups that have begun to build their teams and decide on their tech stack. Now is the time to build a foundation for security, privacy, and compliance. We’ll interview technical and business stakeholders at your company to create a customized risk assessment and security roadmap for your new product. Requires 2 to 3 hours of work from your team. Deliverable is a risk assessment report approximately 10 pages long.
This Project will give your team a clear implementation plan. And it will give your investors the confidence that you are proactively addressing your legal obligations.
Project Steps
1. Watch my 1-hour video, "HIPAA for software startups"
Not only will you learn important facts about HIPAA, you'll learn a risk management philosophy that balances your business goals with regulatory compliance.
2. Assemble your team and schedule a quick discovery call
There's more to HIPAA than just technology. We'll be discussing software development, hosting, office IT operations, hiring practices, contracts with your customers, and more. Together, we'll identify all the key stakeholders at your company.
3. Bring your team to the risk assessment meeting ready to answer questions
I'll lead a video call with your team so I can learn about current and planned operations, both technical and strategic. I'll map everything to the HIPAA requirements and also bring in best practices from NIST 800-53, the cybersecurity "Bible."
4. Review our findings and recommendations
About a week after our meeting, I'll be ready with a customized risk assessment report. I'll present it to your team and walk through everything. My recommendations will be realistic and focused on creating business value, not just "compliance."
5. More questions later? Don't hesitate to contact me
As your company grows, new questions pop up. I'm always happy to take a call from a client and talk through new ideas. I'll support you long term, and I'll be here when a new consulting project can help you unlock more growth.
Frequently Asked Questions
What's your expertise in software?
What's your background in HIPAA compliance?
What do you know about startups?