Knowledge Bank
Data Privacy & HIPAA Compliance Insights
Practical US data privacy guidance for small healthcare practices and small to mid-sized businesses. Written by a CIPP/US certified privacy advisor.
Latest
Most recent
- Practical
Should Your Office Manager Be Your HIPAA Privacy Officer?
HIPAA lets your office manager be the privacy officer, and most small practices do it. The risk is a title without the time, training, or authority to do the job.
- Practical
HIPAA Software at $39/Month: What You Get and Don't
A $39/month HIPAA software subscription gives you templates and a checklist, not the documented Risk Analysis OCR requires. Here's the gap, and what it costs.
- Practical
Katy, TX Healthcare Marketing: The Privacy Risks to Fix
Tracking pixels, online reviews, and testimonials are quiet HIPAA risks for Katy, TX healthcare practices. Here is what to fix in your marketing.
HIPAA Compliance
18 posts
- Practical
Should Your Office Manager Be Your HIPAA Privacy Officer?
HIPAA lets your office manager be the privacy officer, and most small practices do it. The risk is a title without the time, training, or authority to do the job.
- Practical
HIPAA Software at $39/Month: What You Get and Don't
A $39/month HIPAA software subscription gives you templates and a checklist, not the documented Risk Analysis OCR requires. Here's the gap, and what it costs.
- Case Study
OCR Fines Four Healthcare Entities in April 2026 Ransomware Sweep
OCR fined four healthcare entities $1.165M in a single day in April 2026; all breaches traced back to missing HIPAA risk analyses.
- Insight
Compliancy Group's The Guard: What It Covers and What It Misses
After six months with The Guard, here's what the platform covers and where OCR's 2025 enforcement priorities expose real gaps.
- Practical
Top 5 Reasons OCR Fines Small Healthcare Practices in 2026
OCR's 2026 fines against small healthcare practices repeat five root causes: missing Risk Analysis, Right of Access failures, ransomware fallout, BAA gaps, and tracking pixels.
- Practical
Drata vs Fractional Privacy Officer: Which Does Your Healthcare Practice Need?
Drata automates compliance controls for tech companies pursuing SOC 2. A fractional privacy advisor does something different. How small healthcare practices should choose.
- Practical
Cyber Insurance Renewal: The HIPAA Attestation Trap for Texas Practices
Texas healthcare practices renewing cyber insurance face HIPAA attestations. A 'yes' without documentation can void coverage and trigger OCR scrutiny.
- Practical
First 72 Hours After an OCR Investigation Letter: What Healthcare Practices Should Do
Got an OCR investigation letter? Here is the response timeline, the documents OCR requests, and the mistakes that turn a complaint into a settlement.
- Educational
Why a HIPAA Compliance Seal Will Not Save You in an OCR Investigation
HIPAA compliance seals offer no legal protection during OCR investigations. Learn what regulators actually examine and how to prepare the right way.
- Educational
Compliancy Group Review: What the ADA Endorsement Does and Does Not Cover
The ADA endorses Compliancy Group for HIPAA compliance. Here is what that endorsement means for your dental practice and three things it does not cover.
- Educational
The HIPAA Risk Analysis OCR Actually Wants to See
When OCR opens an investigation, the Risk Analysis is the first document they request. Most small practices submit something that does not meet the standard.
- Educational
Accountable HQ Says No Consultants Needed. Here Is Where That Breaks Down.
Accountable HQ says you don't need a HIPAA consultant. Here is what their software covers well, and the three specific gaps it cannot close.
- Educational
HIPAA Compliance for Solo Practitioners in Texas
Solo Texas practitioners comply with HIPAA AND HB 300. State law adds 15-business-day record access, 90-day training, and separate Texas AG penalties.
- Educational
Why Your IT Provider's BAA Does Not Make Your Practice HIPAA Compliant
An IT provider's BAA is necessary, not sufficient. What the BAA covers, what stays with the practice, and why OCR enforcement keeps proving the gap.
- Educational
Medcurity vs Patient Protect vs a Real HIPAA Risk Analysis: Honest Comparison
Honest comparison of Medcurity ($499/yr), Patient Protect ($39 to $99/mo), and a real CIPP/US Risk Analysis. What each delivers and the audit-protocol gap.
- Educational
What Your HIPAA Software Cannot Do: 7 Gaps Every Practice Owner Should Audit
HIPAA software handles documents and training. It cannot satisfy the seven OCR-audit requirements that actually fail small healthcare practices...
- Educational
Compliancy Group vs Human HIPAA Consultant: Decision Guide
Compare Compliancy Group software vs hiring a human HIPAA consultant for your practice. OCR enforcement actions in 2025 ranged from $5,000 to $3 million.
- Educational
What the SECURE Data Act Means for Small Healthcare Practices
A new federal privacy bill was introduced this week. Here is why HIPAA obligations for small healthcare practices do not change.
US State Privacy Laws
5 posts
- Educational
5 signs your small business already falls under state privacy laws
- Educational
Delaware DPDPA: Small Business Privacy Law Compliance Guide
Delaware's DPDPA privacy law has a 35,000 consumer threshold with $10,000 penalties per violation. Learn if your small business needs compliance.
- Educational
Colorado Now Has America's Costliest State Privacy Law
Colorado eliminated cure periods Jan 1, 2025. CPA now enforces $20,000 per violation immediately - highest in US. Small business compliance guide.
- Educational
State Privacy Law Thresholds: When Does Your Business Need to Comply?
Most businesses think they're too small for state privacy laws. They're wrong. Learn how to calculate whether you've already crossed a compliance threshold.
- Educational
Texas Data Privacy Act: Business Compliance Guide 2025
Complete guide to Texas Data Privacy and Security Act compliance. Learn requirements, deadlines, and practical steps for your business.
Vendor Risk & BAAs
3 posts
- Practical
HIPAA Vendor Contracts: What Every Practice Must Know
Missing or incomplete BAAs expose your practice to OCR penalties, Texas AG enforcement, and seven-figure breach costs. Here is what the rules require.
- Educational
BAA vs DPA: What's the Difference and When Do You Need Each?
BAAs cover PHI under HIPAA. DPAs cover personal data under state privacy laws. Here is the difference, when each is required, and the vendors that need both.
- Educational
Case Study: Building a Privacy-Compliant Vendor Program for a Multi-Location Hospitality Business
How a valet and parking management company operating across Houston and Dallas built a defensible vendor privacy program in 30 days, without outside counsel.
Healthcare by Specialty
7 posts
- Practical
Katy, TX Healthcare Marketing: The Privacy Risks to Fix
Tracking pixels, online reviews, and testimonials are quiet HIPAA risks for Katy, TX healthcare practices. Here is what to fix in your marketing.
- Practical
Houston Pediatric Dentists and HIPAA: Special Rules You Should Know
HIPAA rules for Houston pediatric dentists: records access, parental rights, Texas HB 300 penalties, and what OCR enforcement means for your practice.
- Practical
HIPAA Compliance for Telehealth Practices: BAAs, Pixels, and State Rules
Telehealth has HIPAA exposure most guides miss: video-platform BAAs, portal tracking pixels, cross-state licensing, DEA prescribing rules.
- Educational
OCR Is Now Targeting Parental Access to Children's Records. Here Is What Pediatric Practices Need to Check.
OCR made parental access to children's medical records a 2026 enforcement priority. Learn what HIPAA requires and how EHR settings create violations.
- Educational
Texas Mental Health Practices and HIPAA: The Tracking Code Gap
Texas mental health practices face unique HIPAA risks from website tracking pixels. Learn how one-third still use non-compliant codes despite $100M+ in penal...
- Educational
Houston Dermatology Practice Owners: Your HIPAA Tracking Pixel Risk
A 2024 court cleared some tracking pixel risk. Here is what stayed in place for Houston dermatology practices using online appointment booking.
- Educational
HIPAA Risk Analysis for Small Dental Practices in Houston: A Local Owner's Guide
Houston dental practices: HHS requires a written, site-specific HIPAA Risk Analysis under 45 CFR 164.308(a)(1)(ii)(A). Here is what it must cover.
General
4 posts
- Educational
COPPA Compliance for Small Business: The Deadline Has Passed. Are You Protected?
The COPPA compliance deadline was April 22, 2026. The updated FTC rule is in effect. Here is what small businesses need to know and do to stay compliant.
- Educational
FTC AI Privacy Enforcement Guide for Houston SMBs
Learn how FTC's case-by-case AI and privacy enforcement affects Houston SMBs. Expert insights from CIPP/US certified consultant on compliance strategies.
- Educational
Meta's $375M Fine: Child Privacy Lessons Houston TX
Learn how Meta's $375M COPPA fine impacts small businesses. Expert insights on protecting children online and avoiding privacy violations in Houston.
- Educational
Do Small Businesses Need a Chief Privacy Officer? The Fractional Model Explained
A CPO isn't a headcount, it's a function. Here's what privacy leadership actually looks like for businesses under $50M.