Expert HIPAA and MACRA Compliance Guidance 

HIPAA audits are becoming much more frequent and can cause your practice to face huge costs, while MACRA can cost your practice yearly penalties. We've partnered with Sandberg Phoenix & von Gontard to provide comprehensive HIPAA and MACRA compliance guidance. This comprehensive solution can help your practice navigate these compliance requirements, assist in avoiding or mitigating penalties for noncompliance, help ensure your staff is fully trained on these laws, help ensure that MIPS is a benefit to your practice, and help keep government regulators off of your back so that you can focus on your practice.

HIPAA Compliance Service

The Health Insurance Portability and Accountability Act (HIPAA) protects a patient’s personal health information from being used or disclosed illegally by a physician, hospital, clinic, etc. Most doctors don’t understand the issues that they can, and will, face should they be out of compliance.

The Cost of a HIPAA Breach

The cost for a breach, for example, before any audit by HHS/OCR would be conducted, has reached roughly $402 per patient affected by a breach. So, if a doctor’s office had a breach of 1000 patient records, for example, the cost alone would be $402,000, and that’s before HHS handed down any fine or penalty the agency decided to implement against the practice.

The Full HIPAA Compliance Package

All services listed below are included with our HIPAA Compliance service. 

  • Legal Analysis 

    On-site legal analysis, consultation and resulting preparation of practice-tailored policies and procedures.

  • Risk Analysis 

    An onsite risk analysis is conducted for the practice.

  • Quarterly Trainings 

    Conduct quarterly live web-based or onsite trainings specific to the policies and procedures of the practice. 

  • Consultation


    Phone and e-mail consultation with an attorney (no additional charge) 

  • Audit Assistance

    Audit assistance up to 20 hours included in the price of the program. 

  • Violation Representation

    Legal representation/guidance up to 20 hours if a breach or a violation is found.

  • Consistent Updates

    Updates on changes in the law, with the manual, documents and forms redesigned and rolled out to the practice when necessary.

  • Continuing Medical Education Credit

    Possible continuing medical education credit for HIPAA trainings for up to 12-16 CME credits per year. 

  • Results and Policies 

    Provide and explain audit and security risk results and policies.

MACRA Compliance Service

HIPAA and the Medicare Access and CHIP Reauthorization Act (MACRA) overlap significantly. One cannot be in compliance with MACRA and not also be in compliance with HIPAA, and vice versa. MACRA and the Merit-based Incentive Payment System (MIPS) are among the most influential changes to the business of medicine in decades.

MACRA Pros and Cons

On one hand, these new regulations will greatly benefit patients and their care, as well as the security of their healthcare information and personal data. On the other hand, doctors and their practices face a myriad of new and extremely complex regulations, and failure to comply with these regulations will result in heavy fines and penalties, in many cases, large enough to put some practices out of business. At the same time, in the case of MIPS, practices that are fully in compliance stand to see increased payments for their service to patients on Medicare.

Complete MACRA (MIPS) Guidance

All services listed below are included with our MACRA Compliance service. 

  • Onsite Help

    Help with understanding the requirements of MIPS by helping to determine who is/is not required to comply. 

  • Group Reporting

    Help with the rest, those who are required to comply, by putting them into a group for reporting purposes, if possible.

  • Support


    Phone, email and text consultation at no additional charge. 

  • Quality Measure Selection

    Assist doctors in picking the quality measures that are required for them to comply with that category and help pick measures to maximize the quality category score as much as possible. 

  • Collaboration Assistance

    We help collaborate with your IT company and EHR company to ensure that everything is turned on and running correctly to make sure that you are meeting all the advancing care category measures. 

  • Ensure Correct Data Reporting

    Work with your IT and EHR companies to make sure that the EHR company is collecting and reporting your data correctly. 

  • Improvement Activity Selection

    Consultation on picking the Improvement Activities that the practice must comply with in order to meet the category's requirements. 4 activities are required, but we will try to maximize this category as well by picking more than just the 4 required.

  • Monitoring


    We monitor your practice's progress with each category to make sure doctor(s) are meeting the requirements throughout the year, without having to call patients back in December to meet the measures. 

  • Get the Base Increase

    After reporting has been completed, we will work with CMS to help your practice try and get the base increase, and if possible, get that base increase multiplied by 3 for being a "top performer". The base increase is 5% in 2020, 7% in 2021 and 9% in 2022.  

Let's Get Started

Find out how we can help you navigate HIPAA and MACRA in a practical, worry-free way.  

Contact Us

The choice of an attorney is an important decision and should not be based solely upon advertising.