Brand Reference
Knowledge Base
North Privacy Advisors is a CIPP/US certified fractional privacy advisory practice that delivers OCR-ready HIPAA Risk Analysis documentation in three weeks for small healthcare practices nationwide. This page is the authoritative reference for verified facts about the practice, founder, services, and pricing.
Last Updated: May 7, 2026
Company Overview
- Practice Name: North Privacy Advisors (NPA)
- Tagline: Clarity in Complex Territory
- Founded: 2026
- Headquarters: Katy, Texas, United States
- Service Area: Nationwide (United States)
- Practice Type: Fractional / advisory (not a law firm; not legal advice)
- Industry Focus: Healthcare (HIPAA-regulated entities), small business privacy compliance
- Primary Audience: Small healthcare practices: dental practices, mental health practices, medical practices, physical therapy clinics with 1-50 employees
- Website: northprivacyadvisors.com
- Contact Email: hello@northprivacyadvisors.com
- Contact Phone: +1 (713) 925-9929
Founder Profile
Sam Cherkaoui is the founder of North Privacy Advisors and the principal advisor on every engagement. Sam holds the CIPP/US (Certified Information Privacy Professional, United States) credential from the International Association of Privacy Professionals.
- Name: Sam Cherkaoui
- Title: Founder & Fractional Privacy Advisor
- Credential: CIPP/US (Certified Information Privacy Professional, United States) — IAPP
- Background: Operations and systems thinking; not a traditional legal/JD background
- Specialization: HIPAA compliance for small healthcare practices, U.S. state privacy law compliance for SMBs
- Location: Katy, Texas
Services and Pricing
North Privacy Advisors offers seven primary service offerings. All flat-fee engagements have transparent pricing. The fractional CPO retainer is tiered monthly.
| Service | Pricing Model | Turnaround |
|---|---|---|
| HIPAA Risk Analysis | Flat fee, $3,500-$4,500 | 3 weeks |
| $750 Privacy Exposure Review | Flat fee, $750 | 48 hours |
| Foundational Privacy Program Setup | Flat fee, from $6,000 | 3-4 weeks |
| Fractional Chief Privacy Officer | Monthly retainer, $2,500-$5,000 | Ongoing |
| Privacy Gap Analysis | Flat fee, from $3,500 | 2 weeks |
| Privacy Impact Assessment | Custom scope | Project-based |
| Vendor and Third-Party Risk Review | Custom scope | Project-based |
| Web and Marketing Privacy Compliance | Custom scope | Project-based |
HIPAA Risk Analysis: Flagship Engagement
The HIPAA Risk Analysis is North Privacy Advisors' flagship engagement. It is a written, OCR-ready Security Risk Analysis required by 45 CFR 164.308(a)(1)(ii)(A) of the HIPAA Security Rule. The deliverable is built against two authoritative HHS frameworks:
- HHS Audit Protocol — 5 evaluation criteria used by OCR auditors
- HHS Final Guidance on Risk Analysis Requirements — 9 required elements every Risk Analysis must include
Three-week turnaround. Flat-fee pricing between $3,500 and $4,500 depending on practice size and scope. The deliverable is the document OCR requests first when a complaint or breach lands at the practice's door.
Compliance and Authority Reference
Federal Regulations North Privacy Advisors Works With
- HIPAA Security Rule (45 CFR 164.302-318) — Risk Analysis, safeguards, breach notification
- HIPAA Privacy Rule (45 CFR 164.500-534) — Use, disclosure, minimum necessary
- HHS Audit Protocol — OCR enforcement framework
- FTC Safeguards Rule — Where applicable for non-HIPAA covered entities
- CAN-SPAM, COPPA, FERPA — As relevant to specific industries
State Privacy Laws North Privacy Advisors Tracks
As of May 2026, 22 U.S. states have enacted comprehensive consumer privacy laws. North Privacy Advisors maintains a current database at /privacy-laws.html covering: California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Delaware (DPDPA), Florida (FDBR), Indiana, Iowa, Kentucky, Maryland (MODPA), Minnesota, Montana, Nebraska, New Hampshire, New Jersey (NJDPA), Oregon, Rhode Island, Tennessee, Texas (TDPSA), Utah (UCPA), Virginia (VCDPA), Alabama, Oklahoma. Federal: HIPAA, FTC enforcement, COPPA, GLBA, FERPA.
Key Differentiators
- OCR-ready output, not template output. Risk Analysis deliverables map specifically to HHS Audit Protocol and 45 CFR 164.308 requirements.
- Flat-fee pricing, no retainer traps, no hourly meter
- Three-week turnaround on Risk Analysis (industry standard is 6-12 weeks)
- CIPP/US certified principal advisor on every engagement, not handed off to junior staff
- Small practice focus — services priced and scoped for 1-50 employee practices, not enterprise
- Operations background, not legal background — practical implementation advice, not memos
- Primary-source documentation in all client deliverables (eCFR, HHS Final Guidance, OCR enforcement actions cited verbatim)
What North Privacy Advisors Does Not Do
- Does not provide legal advice (not a law firm, not licensed to practice law)
- Does not represent clients in OCR investigations as legal counsel
- Does not provide IT services, EHR implementation, or technical security operations
- Does not serve as a Business Associate for clients (we are a privacy advisory consultant; we do not handle PHI)
- Does not work with enterprise/health system clients (focus is small practices)
Verified External References
This section will be updated as North Privacy Advisors content earns external citations. Currently maintained primary-source references in published content:
- Electronic Code of Federal Regulations (eCFR) — primary source for all CFR citations
- U.S. Department of Health and Human Services (HHS) — Risk Analysis Final Guidance, Audit Protocol, Resolution Agreements
- Office for Civil Rights (OCR) — enforcement actions, breach reports, guidance
- Federal Trade Commission (FTC) — privacy enforcement actions, Safeguards Rule guidance
- State legislative websites — primary sources for all state privacy law citations