Hipsana

Disclosure & methodology

How we make money, in plain terms.

The short version: when we connect you with a specialist and you hire them, we get paid. When you click certain product links, we may earn a small commission. Neither one changes what your Scorecard or review tells you. Here are the details.

How the free review is paid for

The Scorecard and the written review are free to you. If your review surfaces gaps you want help with, we introduce you to a vetted compliance specialist who does that work. If you choose to hire them, their firm pays us a referral fee.

You never pay us, and the fee never changes what your review says. If the honest finding is that your practice is in good shape, that is what we tell you, referral or not.

How we handle your information

To deliver the review, we share your details with that one specialist partner and no one else. We do not sell your information. What we collect, why, how long we keep it, and how to have it deleted is laid out on our Privacy page.

Affiliate links (a smaller, secondary part)

Some pages mention specific tools, and a few of those are affiliate links. If you sign up through one, we may earn a commission at no extra cost to you. We label these where they appear. A commission is never the reason we mention a tool, and when a free option does the job, we say so.

How we decide what to tell you

Whether we are scoring your practice or writing about a tool, we use the same yardstick: what the HIPAA Security Rule actually requires, what fits a one-to-ten-person practice, the real cost over a year, and how much day-to-day friction it adds.

Commission rate and referral fee are not on that list. When the right answer earns us nothing, that is still the answer we give.

What we will not do

We will not bury disclosures in tiny gray text. We will not accept payment in exchange for a better score or a favorable write-up. We will not call any product “100% HIPAA compliant,” because none is. Compliance depends on how you configure and use it, and anyone who tells you otherwise is selling something.

Educational content disclaimer

Hipsana provides informational content about cybersecurity and HIPAA compliance. We are not attorneys, compliance officers, or healthcare professionals. Nothing here is legal, regulatory, medical, or financial advice. For questions specific to your practice, consult a qualified professional. Regulations change; verify current requirements with the relevant regulator (HHS, OCR, FTC) before acting.

Questions or corrections

If you spot an error, a stale recommendation, or a conflict of interest we should disclose, email hello@hipsana.com. We respond to corrections within a few business days and note material changes with a date.