For Healthcare Practices & Health IT

Most HIPAA fines are for missing paperwork — not hackers.

A do-it-yourself HIPAA compliance kit: the Security Risk Analysis HHS requires, the BAA your vendors need, and the policies that prove due diligence — mapped to the HIPAA Security Rule. Close the gaps that actually get small practices penalized.

Security Rule §164.308/.310/.312 · Risk analysis + BAA · Instant download
$147 one-time
Instant download · no subscription
  • HIPAA Security Rule Readiness Checklist (80+)
  • Security Risk Analysis template + register
  • Business Associate Agreement (BAA)
  • Access Control & Authentication policy
  • Workforce Security & Training + log
  • Contingency / Backup plan
  • Breach Notification procedure

Secure checkout via Stripe · Questions? sanchez@ironsentinelhq.com

The paperwork HHS actually asks for.

Each document maps to the HIPAA Security Rule and Breach Notification Rule — the exact areas an OCR investigation samples.

Security Rule Readiness Checklist

80+ checks across Administrative, Physical, and Technical safeguards with Met/Gap scoring.

§164.308/.310/.312

Security Risk Analysis + Register

The documented analysis HIPAA explicitly requires — methodology + a pre-seeded register.

§164.308(a)(1)

Business Associate Agreement

The document most practices are missing. Flow-down, breach reporting, return/destruction.

§164.314

Access Control & Authentication

Unique IDs, minimum-necessary, MFA, automatic logoff, emergency access.

§164.312

Workforce Security & Training

Authorization, termination, acknowledgment form, and a training log auditors sample.

§164.308(a)(5)

Breach Notification Procedure

4-factor risk assessment, the 60-day rule, and HHS/individual/media thresholds.

§164.400–414

Compliance consultant vs. this pack

Typical HIPAA consultant

$10,000–$25,000

Bills hourly to produce the same risk analysis, BAA, and policies — starting from a blank page.

HIPAA Compliance Pack

$147

The risk analysis, BAA, and full policy set — done. Do the work yourself; bring us in only for the gaps.

Healthcare-grade rigor. Small-practice price.

Hospital & healthcare IT · NIST RMF · NIST SP 800-53 · CompTIA Security+ / CySA+ · ISC2

Need broader governance too?

The Full Compliance Kit adds 12 governance templates — charter, backup, remote work, training, and more. Add it for just $100 more than this pack alone.

$247 full kit

Before you buy

Does this make me "HIPAA certified"?

There is no official government HIPAA certification. This pack gets you compliance-ready: the risk analysis, BAAs, and policies HHS expects, with documentation you can show an investigator.

I'm a small practice — is this enough?

For most small practices and health-IT vendors, yes — it closes the gaps that get cited most. Larger or higher-risk orgs should add a vCISO engagement.

Should a lawyer review the BAA?

Yes — we recommend counsel review the BAA before use. It's a real contract.

What if I need help?

Iron Sentinel runs HIPAA readiness sprints and vCISO retainers. Book a free Risk Snapshot from our home page.