About Hipsana

For clinicians who run their own practice.

Hipsana is built for a specific person: the dentist, physician, or therapist who owns a small practice, knows HIPAA is serious, and doesn’t have time to read hundreds of pages of federal regulations to find out where they stand.

Who we serve

Solo practitioners and practice owners with one to ten staff. People who run the whole practice themselves, know HIPAA carries real personal risk, and have no in-house compliance help and no time to build it.

How we work

It starts with the Scorecard: ten yes/no questions about how your practice handles patient data, scored against the HIPAA Security Rule. You get a number out of 100 and a written review of the gaps that matter most for your practice.

The review starts with the actual regulation, not a vendor’s marketing page. We look at what the Security Rule requires, where practices often fall short, and what a fix actually involves, because HIPAA problems often come down to how a tool is configured, not the tool itself.

If you want help closing those gaps, we introduce you to a vetted compliance specialist who does that work. The Scorecard and the review are free.

The standard behind Hipsana

Hipsana is built to a single standard. Everything it publishes traces to a primary source: the HIPAA Security Rule itself, the enforcement record the HHS Office for Civil Rights publishes, and NIST’s security guidance. Anything that can’t be verified against a regulator is labeled as such, never guessed. The discipline is the point. It lets a practice owner see exactly where they stand and confirm every word of it independently.

Hipsana was founded by Dolev Arama and built for a single audience: solo and small practices that carry a hospital’s HIPAA obligations without a hospital’s compliance department. The work is narrow on purpose, turning a sprawling federal rulebook into the handful of things that actually put a practice at risk.

What we are not

We are not attorneys, compliance officers, or healthcare professionals. The Scorecard and the written review are informational: a starting point for understanding your risk, not legal or compliance advice, and not a substitute for a professional engagement when your situation calls for one.

We also don’t handle patient data. The Scorecard asks how your practice operates, never about individual patients, and we never collect protected health information. For questions specific to your practice, consult someone licensed to answer them.

How we make money

When the Scorecard surfaces gaps you want help with, we connect you to a vetted compliance specialist who handles that work. If you decide to work with them, their firm pays us a referral fee. It never costs you anything, and it never changes what your review says.

Contact

Questions, corrections, or feedback: email hello@hipsana.com. We read every message and respond to most within a few business days.