Services & Pricing

Service packages designed to meet you where you are in your compliance journey. Each can be engaged independently or combined for end-to-end readiness support. See our methodology for how the readiness process works.

Readiness Sprint

2–4 weeks

Estimated range: $8,000–$25,000

Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables

  • ePHI inventory and data flow mapping
  • Risk analysis gap assessment against § 164.308(a)(1)
  • Security Rule compliance checklist across all standards
  • BAA inventory review and gap identification
  • Workforce training program assessment
  • Prioritized remediation roadmap with risk rankings

Remediation Program

4–12 weeks

Estimated range: $15,000–$60,000

Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables

  • Comprehensive risk analysis development per § 164.308(a)(1)
  • Access control implementation and documentation
  • Audit logging deployment and review procedures
  • BAA template development and execution support
  • Contingency planning — backup, disaster recovery, and emergency mode procedures
  • Workforce security awareness training program

Audit Support

During assessment

Estimated range: $5,000–$20,000

Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables

  • OCR audit preparation and readiness review
  • Evidence package assembly organized by Security Rule standard
  • Risk analysis validation and documentation review
  • BAA documentation review and completeness verification
  • Workforce interview coaching and preparation

Continuous Compliance

Ongoing (monthly)

Estimated range: $3,000–$10,000/mo

Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables

  • Quarterly risk analysis updates and risk register maintenance
  • Annual Security Rule compliance assessment
  • BAA re-evaluation and renewal tracking
  • Incident response plan testing and tabletop exercises
  • Workforce security awareness training refreshers

Who Does What: RACI Matrix

A clear engagement model ensures that responsibilities are understood from day one. The matrix below shows who is Responsible (R), Accountable (A), Consulted (C), and Informed (I) for each workstream.

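| Workstream | Founder / CEO | CTO / VP Eng | Security / Compliance | Ops / COO | HR | Eng / SRE | Reviewer |
|---|---|---|---|---|---|---|---|
| Approve scope and goals | A | C | R | C | I | I | I |
| Control design and mapping | I | A | R | C | C | R | C |
| Policy adoption | A | C | R | R | C | I | I |
| Evidence collection | I | A | R | C | C | R | I |
| Vendor management evidence | I | C | R | A | I | I | I |
| Review coordination | I | C | A/R | C | C | C | R |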