HIPAA123 Program Details

HIPAA policies review with HIPAA123 Compliance Officer’s comments

Once per month, you may submit any changes to your policies and procedures for our Compliance Officer to review and comment on.

One annual HIPAA Risk Assessment report review with HIPAA123 Compliance Officer’s comments

Once per year, you may submit your annual risk assessment for  our Compliance Officer to review and comment on.

Quarterly Executive Level Q/A call with the HIPAA123 Compliance Officer (if requested)

Once every three months, you can request a call with our Compliance Officer to discuss your medical practice's progress and compliance program status.


All Office Management reports [see the FOR MANAGEMENT tab above]

Owners / Leadership receive all the same reports office management receives.

Reports on Office Management's opening of alerts and news communications

Owners / Leadership receive reports on the activities of office management to ensure the receive the guidance and support they need.

Weekly updates on current or coming regulatory changes and guidance on what to do and how to do it
No need to monitor the Internet for changes to HIPAA or new data security regulations. Weekly updates on related content are delivered directly to your inbox.

Weekly updates on recent enforcement actions and related news
Knowing what federal, state, and local agencies are doing with regard to enforcement will create best practices at your organization. This keeps everyone prepared in the event of an audit or security incident investigation.

Email Q/A with a Certified HIPAA Compliance Officer
Questions about HIPAA can simply be emailed to HIPAA123 for guidance and support.

New workforce member HIPAA orientation with documentation
Your organization gets an account at HIPAAbooster.com so that new workforce members or those needing refresher training get the required education along with their certificates. Management gets the required documentation to demonstrate compliance.


Reporting on the results of simulated workforce phishing attempts
Management gets reports on those workforce members who clicked on the fake emails we send so they can provide follow-up coaching and training.

Reporting on which workforce members are not opening the security reminder emails
Management gets reports on those workforce members who are not opening and viewing the HIPAA-required security reminder communications so they can follow-up and provide the needed coaching.

Reporting on which workforce members are not opening refresher education emails
Management gets reports on those workforce members who are not opening and viewing HIPAA and cybersecurity refresher education emails so they can follow-up and provide the needed coaching.

Reporting on workforce members' training results
Management gets reporting on and the results of workforce members' education outcomes at HIPAAbooster.com (medical practice membership included)

Documented periodic email security reminders (as required by HIPAA)
Entities must take reasonable and appropriate measures to remind the workforce of the applicable security policies and procedures, as well as document the type of reminder, the message, and the dates of implementation. Ref. CFR § 164.308(a)(5)(ii)(A)

Simulated email phishing campaigns
HIPAA123 will make email attempts to get your workforce to "fall for" fake emails and other social engineering attacks, which, had they actually been successful, could have potentially resulted in an account takeover, cyber attack, or a reportable breach of information at the medical practice.

HIPAA refresher education (as required by HIPAA).
Entities must implement a security awareness and training program for all workforce members. Ref. CFR § 164.308(a)(5)

Cyber security education
A training account for the medical practice's workforce with cybersecurity mini-courses is included so the staff can stay updated on the latest threats to medical practices.

How much time will your team save?
How informed and prepared will they be with HIPAA123?