For Bay Area healthcare organizations

HIPAA-aligned environments. BAA-ready.

We design your environment around the HIPAA Security Rule from day one — evidence ready when the auditor asks.

Why we fit

We’ve done this work before.

HIPAA-aligned by default

Access logging, encryption, and minimum-necessary controls — present, documented, and testable from day one.

BAA-ready vendor stack

Every tool we recommend supports a Business Associate Agreement, and we maintain a current BAA library across the stack.

Backup-and-contingency posture

3-2-1-1-0 strategy with regular recovery drills and auditor-ready signed reports.

Counsel-aware, not counsel-replacing

We surface risks early and work alongside your healthcare counsel — we’re an IT partner, not a legal advisor.

Typical scope

A starting point — tailored to you.

HIPAA-aligned environment build

  • Identity and access logging
  • Encryption at rest and in transit
  • Minimum-necessary controls
  • Audit-ready evidence pipelines

Backup, recovery & contingency

  • 3-2-1-1-0 with immutable copies
  • Regular recovery drills
  • Documented recovery posture per system
  • Annual ransomware tabletop

Vendor & BAA management

  • Current BAA library
  • Subprocessor due-diligence on request
  • Annual vendor risk review
  • Counsel handoff for new vendors

Workforce & training

  • Phishing simulations and awareness
  • Security and privacy onboarding
  • Sanctions tracking with HR
  • Role-based access reviews

Common questions

Questions from healthcare.

Don’t see yours? Email the team — a senior engineer answers personally.

Are you HIPAA-compliant?

HIPAA doesn’t have a certification — no vendor is “HIPAA-compliant” in a stamp-on-a-cert sense. We are HIPAA-aligned: we sign BAAs, design environments to the Security Rule, and produce the evidence your covered entity needs.

Will you sign a BAA?

Yes — for any service where we may receive, transmit, or store PHI on your behalf. We keep a standard BAA on hand and will negotiate reasonable redlines.

How deep is your healthcare bench?

This is an active engagement area we’re growing, not a decade-old practice. Where healthcare-specific expertise is needed beyond our core, we partner with named specialists.

Can you onboard us before our HIPAA review or SOC 2 audit?

We work this way often — most clients start with identity, endpoints, backup, and an evidence pipeline, then add depth as the audit timeline approaches.

Do you support 42 CFR Part 2 or state-specific mental health rules?

For the highest-sensitivity workloads we use a designed isolation pattern reviewed with your counsel. We’ll tell you upfront when something is outside our experience.

Worth a conversation

Let’s see if we’re the right fit for your healthcare organization.

Tell us where you are and what’s coming. We’ll say honestly whether we’re the right fit — and where we’d start.
