24 HIPAA Policy Documents
Written by Your Agent
The agent writes all 24 HIPAA-required policies customized to your practice. Delivered via email. Signed via magic link. No templates. No copy-paste.
Deploy Full Compliance → $299/moHow It Works
Agent scans your practice
Using your NPI and scan data, the agent understands your practice type, size, and infrastructure.
Policies are generated
Claude writes all 24 policies customized to your practice — not generic templates copied from the internet.
Delivered via email
Complete policy package arrives in your inbox as downloadable PDFs. Review on your own time.
Sign via magic link
Each policy includes a magic link for attestation. Click to sign — no portal login required. Agent tracks all signatures.
All 24 Policies Included
Each policy is customized to your practice type, size, and compliance posture.
Access Control
Who can access ePHI systems, authentication requirements, and role-based permissions
Audit Controls
How system activity is logged, reviewed, and retained for compliance evidence
Breach Notification
Step-by-step procedures when a breach is discovered, including HHS reporting timelines
Contingency Plan
Data backup, disaster recovery, and emergency mode operation procedures
Device & Media
Rules for laptops, USB drives, mobile devices, and removable media containing ePHI
Disposal
Secure destruction of hardware, media, and paper records containing patient data
Encryption
Encryption standards for data at rest and in transit, key management procedures
Facility Access
Physical access controls, visitor logs, workstation placement, and building security
Incident Response
How to identify, contain, investigate, and recover from security incidents
Information Access
Minimum necessary standard, access authorization, and access modification procedures
Integrity
Mechanisms to protect ePHI from improper alteration or destruction
Password Management
Password complexity, rotation, multi-factor authentication, and credential storage
Physical Safeguards
Facility security plan, maintenance records, and hardware inventory controls
Privacy
Patient rights, use and disclosure rules, Notice of Privacy Practices requirements
Remote Access
VPN requirements, home office security, telehealth workstation standards
Risk Management
How identified risks are prioritized, mitigated, and tracked to resolution
Transmission Security
Encryption and integrity controls for ePHI transmitted over networks
Workstation Security
Screen lock policies, endpoint protection, and workstation use restrictions
Workforce Security & Access Termination
Workforce clearance procedures, access authorization, and termination of access within required timeframes (§164.308(a)(3), §164.308(a)(4))
Facility Access Control
Contingency operations facility access, facility security plan, access control and validation, and maintenance records (§164.310(a), §164.310(b), §164.310(c))
Device & Media Disposal
Procedures for final disposition of ePHI hardware and media, and reuse of electronic media (§164.310(d)(2)(i), §164.310(d)(2)(ii))
Automatic Session Termination
Electronic procedures that terminate sessions after a predetermined period of inactivity (§164.312(a)(2)(iii))
Configuration Management & Secure Deployment
Secure baseline configurations, change management procedures, and deployment controls for systems handling ePHI (Proposed New Requirement)
Vulnerability Management & Penetration Testing
Scheduled vulnerability scanning every 6 months and annual penetration testing with documented remediation (Proposed New Requirement)
Stop Writing Policies by Hand
Your agent generates all 24 policies, emails them for review, and tracks every signature. Included in the HIPAA Compliance plan.
Deploy Full Compliance → $299/mo