Checklists
This is one of our most popular products. Use this checklist to help you determine if you're a covered entity or business associate under HIPAA. Bundle it with our FTC Basics Checklist to understand your complete privacy obligations under both federal laws.
This form covers a person’s right to request their records and information under HIPAA. You can customize it to your business by adding your contact information, business name, and replacing the logo with your business logo.
This toolkit helps HIPAA-covered entities and business associates prepare for, detect, respond to, and document any suspected or confirmed privacy breach involving Protected Health Information (PHI). It includes policies, forms, templates, and notification samples to help ensure compliance with HIPAA's Breach Notification Rule.
Cheat sheet to safely use AI in compliance with the Minimum Necessary Standard.
This is one of our most popular products. Use this checklist to help you determine if you're covered by the FTC’s Health Breach Notification Rule. Bundle it with our HIPAA Basics Checklist to understand your complete privacy obligations under both federal laws.
This form covers a person’s right to request an addendum or correction to their records and information under HIPAA. You can customize it to your business by adding your contact information, business name, and replacing the logo with your business logo.
This FTC Privacy Impact Assessment (PIA) helps you understand how your product or service collects, uses, and shares health-related data—and whether you may be subject to FTC breach notification requirements.
If your product deals with health-like data but you’re not a HIPAA-covered entity, this is especially important.
This assessment typically takes 15–30 minutes to complete. You can use it internally, or share it with your legal, compliance, or tech team to review.
New AI tool on your radar? Don’t jump in without a compliance check. Here’s a simple Risk Mitigation Template you can use before bringing an AI tool into your workflow. FREE FOR A LIMITED TIME ONLY.
This is one of our most popular products. Use this checklist to help you determine if the AI use in your business is risky. Bundle it with our HIPAA Basics and FTC Basics Checklists to understand your complete privacy obligations under federal laws.
This form covers a person’s right to request restrictions on the use, disclosure, and access to their records and information as it relates to your company’s operations and activities. You can customize it to your business by adding your contact information, business name, and replacing the logo with your business logo.
A rapid self-assessment for small practices and solopreneurs, designed to take inventory of AI use and understand your risk posture. It can be completed in 20 minutes.
Intended to be placed on your website, this notice explains your business’s privacy practices and obligations with patient data. We have provided three different versions of a HIPAA Notice of Privacy Practices (NPP). You may select the version that best fits your business and clientele. We have also included an Acknowledgment of Receipt of NPP, as required by HIPAA to be completed by patients of covered entities.
This form covers a person’s right to request an accounting of disclosures of their records and information under HIPAA. You can customize it to your business by adding your contact information, business name, and replacing the logo with your business logo.
Use this toolkit to comply with the FTC Health Breach Notification Rule (HBNR). It contains the resources, procedures, and templates needed to prepare for, respond to, and document any reportable privacy breach involving personal health record (PHR) identifiable health information.
Use this addendum to update your current Business Associate Agreements with your vendors that leverage AI tools. It clarifies permitted uses of AI features and ensures they align with the HIPAA Privacy Rule, Security Rule, and Minimum Necessary Standard. This version has minimal legalese.
Intended to be placed on your website, this notice explains your business’s privacy practices and obligations with client data. We have provided three different versions of an FTC HBNR Notice of Privacy Practices (NPP). You may select the version that best fits your business and clientele. We have also included an Acknowledgment of Receipt of NPP, to be completed by your clients to confirm that they received your NPP.
Use this to document your business’s data use and for disclosure to individuals per the FTC’s Health Breach Notification Rule. You can customize it to your business by adding your contact information, business name, and replacing the logo with your business logo.
Use this toolkit to implement and use AI in a HIPAA-compliant way.
This form covers a person’s right to request confidential communications under HIPAA. You can customize it to your business by adding your contact information, business name, and replacing the logo with your business logo.
Use this form when a potential privacy incident occurs involving PHI. This tool guides you through the required 4-factor risk assessment to determine whether the incident qualifies as a reportable breach under HIPAA.
This policy covers the Minimum Necessary Standard under HIPAA and your company’s application of the standard in its operations. You can customize it to your business by adding your contact information, business name, and replacing the logo with your business logo.
This policy outlines the acceptable use of AI tools and automation platforms within your business to ensure compliance with the HIPAA Privacy and Security Rules. You can customize it to your business by adding your contact information, business name, and replacing the logo with your business logo.