Standard engagement
HIPAA Readiness Audit
Find out where you are non-compliant before a regulator does.
A 3-week assessment covering the Security, Privacy, and Breach Notification rules. We map your data flows, audit your access controls, review your BAAs, identify PHI exposure points, and deliver a prioritized remediation plan with evidence templates. Done before you sign your first healthcare client.
from $4,200
3 weeks, AWS, GCP, Aptible, Datica, Okta, CloudTrail
What ships during the engagement.
- Data-flow diagram showing every PHI touchpoint
- Access control review (who can see what, why, with audit trail)
- BAA inventory across all vendors that touch PHI
What you walk away with.
- PHI data-flow map across your stack
- Access control + audit log review
- BAA inventory with gaps flagged
“They scoped, shipped, and operated our RAG pipeline in twelve days. Citation accuracy on our eval set landed at 92%, and ongoing tuning costs us less than a Slack seat.”
- Are you a Covered Entity or Business Associate?
- Sage Ideas is a Business Associate when handling PHI. We sign BAAs and operate under one with you for the engagement.
- How is this different from SOC 2?
- SOC 2 is auditor-attested controls across security/availability/confidentiality. HIPAA is regulatory and specifically covers PHI. They overlap ~60% but are not interchangeable.
Want to scope a HIPAA audit?
A short call to confirm fit and timeline.