Physical Therapy practices

HIPAA for PT practices, where ransomware is now an annual risk.

Ransomware enforcement up 264% since 2018

Plastic Surgery Associates of South Dakota paid $500,000 in October 2024 after RDP brute-force led to ransomware. No risk analysis on file. The Audit Pack documents the analysis, the controls, and the response plan that keep this from being your story.

Take the risk analysis quiz

15 questions · ~8 minutes · 14-page personalized PDF · no card

TODO · vertical-specific deep dive ships after first paid physical therapy customer.

$8.47M+

OCR HIPAA penalties

through Dec 3, 2024

2024 enforcement actions

through December 3, 2024

72hrs

Deployment SLA

from info receipt

Sales calls required

to buy

How we calculate these numbers →

The Frame

Your competitors think HIPAA equals OCR. They're protecting one wall of a four-wall fortress.

A single PHI mishandling event can trigger all four at once. Honest Comply's Audit Pack is the only deliverable in this category designed for all four fronts simultaneously.

Front 01

OCR

Up to $2,134,831 per identical violation per calendar year for willful neglect not timely corrected.

45 C.F.R. § 164.30845 C.F.R. § 102.3

Named example

Gulf Coast Pain Consultants, $1,190,000 CMP, December 3, 2024. Former contractor accessed EMR three times over five months, generating about 6,500 fake Medicare claims.

§ 164.308(a)(3)(ii)(c)§ 164.308(a)(1)(ii)(A)

What Honest Comply covers:

Risk analysis, access termination logs, audit logs, breach notification templates. The exact documents OCR cited.

Front 02

State Attorneys General

Concurrent state enforcement under HITECH § 13410(e), codified at 42 U.S.C. § 1320d-5(d). Texas scales to $1.5M per year for pattern violations. California CMIA adds civil exposure.

HITECH § 13410(e)Texas HB 300Cal. CMIA

Named example

California CMIA, Civil Code § 56.36(b), $1,000 per patient nominal damages without proof of harm.

Cal. Civ. Code § 56.36(b)

What Honest Comply covers:

CA CMIA, TX HB 300, FL FIPA, NY SHIELD addenda in every Audit Pack.

Front 03

Ex-Employee Suits

Wrongful termination, retaliation, and False Claims Act whistleblower claims tied to compliance failures.

31 U.S.C. § 3730(h)

Named example

Montefiore Medical Center, $4,750,000, February 6, 2024. Malicious insider stole and sold PHI of 12,517 patients.

§ 164.308(a)(3)(ii)(c)§ 164.308(a)(1)(ii)(D)

What Honest Comply covers:

Dated workforce training attestations, access termination logs, BAA tracking, audit-discovery artifacts. Everything plaintiff discovery will request.

Front 04

Patient Civil Suits

Cal. Civ. Code § 56.36(b): $1,000 per patient, no proof of harm required. Aggregated in class actions, single breaches reach 8-figure exposure.

Cal. Civ. Code § 56.36(b)

Named example

Solara Medical Supplies, $9.76M class action plus $3M OCR settlement, January 2025. Single phishing breach, 114,007 patients affected.

§ 164.308(a)(5)(ii)(B)§ 164.404

What Honest Comply covers:

Encryption attestations, BAA-stack proof, patient-notice templates, audit-ready evidence chain.

The Deliverable

One PDF. Every regulator. One click.

The Audit Pack assembles every artifact OCR, your State AG, a plaintiff's lawyer, or an ex-employee's discovery request will ever ask for, on demand, date-stamped, organized exactly as the regulator wants to see it.

audit-pack-v1.pdf · OCR-ready · 14 pages

Audit Pack

[Practice Name] · Audit Pack v1

Generated · Today · For OCR Initial Data Request response

01
Risk Analysis
45 C.F.R. § 164.308(a)(1)(ii)(A)
02
Workforce Training Roster
§ 164.530(b)
03
Access Termination Logs
§ 164.308(a)(3)(ii)(c)
The exact field Gulf Coast Pain lost $1.19M for missing.
04
BAA Inventory
§ 164.314
05
Breach Notification Templates
§§ 164.404, 164.406
06
State Addenda
CA CMIA · TX HB 300 · FL FIPA · NY SHIELD

Download a sample Audit Pack

Real document. No email required.

Pricing

Flat rate. Unlimited seats. No per-employee tax.

Accountable HQ charges $25 per employee per training round. Compliancy Group quotes you. We publish.

72-hour deploymentUnlimited seatsAudit-ready refundZero sales calls

Solo

Core infrastructure for practices under 10 staff. Lighter on protection.

$497/mo

Flat rate · Unlimited seats

Up to 10 employees
Workforce training portal
BAA tracker
Email support
Done-for-you setup
Audit Pack
Money-back guarantee

Start Solo

Founding 25, 18 left

Defender

Everything, done for you. Built for 15 to 75 employee practices. The plan most pick.

$747$597/mo

Flat rate · Unlimited seats

After 6/30/2026 or 25 seats sold, lists at $747/mo

Done-for-you setup
Unlimited employees
Full Audit Pack, on-demand
Training portal + video library
BAA + breach tracker
72-hour deployment SLA
Money-back guarantee, up to $7,164/yr
Email + Slack support

Claim your founding spot

Live in 72 hours · Refund if not

Defender Pro

Everything in Defender, plus a partner. For multi-location practices.

$897/mo

Flat rate · Unlimited seats

Everything in Defender
Multi-location, white-glove
Quarterly compliance review
1 OCR Letter Response per year
24-hour deployment SLA
Money-back guarantee, up to $10,764/yr
Dedicated Slack support

Start Pro

Founding 25 · 18 of 25 spots remaining · Closes June 30, 2026, or when sold out

Full guarantee terms at /guarantee.

Quiz

Know your CMP exposure number in 8 minutes. Free.

15 questions about your practice. We do the math against the 2024 OCR penalty schedule and the state laws that apply to you. You get a 14-page personalized PDF, yours to keep, share, or hand to your attorney, whether or not you ever buy from us.

Your CMP exposure range, with assumptions disclosed
Your top 5 control gaps ranked by 2024 OCR enforcement frequency
State-law overlay: CA CMIA · TX HB 300 · FL FIPA · NY SHIELD
BAA-stack assessment
90-day remediation roadmap

Or download a sample Audit Pack first, no email required →