CASE STUDY

From Overwhelmed to Compliant

How a solo Long Island behavioral health practitioner went from scattered and audit-anxious to confidently compliant — in about 30 days.

ENGAGEMENT SNAPSHOT

CLIENT

Solo practitioner

LOCATION

Long Island, New York

PRACTICE

Behavioral health

ENGAGEMENT

Security & Privacy build-out

DURATION

~30 days

STATUS

Audit-ready & maintaining

The Challenge

Overwhelmed, and unsure where to start

The practice was growing quickly, but its HIPAA program hadn’t kept pace. The practitioner knew there were gaps — she just didn’t know how many, or which to tackle first. A possible payer review made it feel urgent.

No documented Security Risk Analysis. The single most important foundation of compliance was simply missing.
Consumer email in daily use. PHI was moving through tools that had no business associate agreement.
Calendar invites leaking names. Appointment invites paired patient names with the practice’s identity.
A scheduling vendor with no BAA. Patient data was sitting with an unvetted third-party tool.
No written policies or training records. Expectations lived in her head, not on paper.

Our Approach

A clear, prioritized path

We started by measuring the real risk, then worked the highest-impact fixes first — so she always knew what mattered most, and why.

Completed a full, documented SRA and turned the findings into a prioritized remediation roadmap.

Migrated email to a BAA-covered Microsoft 365 plan with encryption, and closed the calendar-invite leak.

Replaced the non-compliant scheduler and collected BAAs from every vendor handling PHI.

Authored plain-language policies and documented training on what to do day to day.

The Results

From overwhelmed to compliant

Days to audit-ready
0
Staff trained
0 %
Risk gaps closed
0
Vendor BAAs in place
0
A documented SRA and roadmap. The missing foundation is now firmly in place and repeatable.
Encrypted email and a vetted scheduler. PHI now flows only through tools under a signed BAA.
Clear policies and documented training. No guesswork — she knows exactly what to do.
A program that maintains itself. Incident reporting and annual reviews keep compliance current.

A1plusAI turned HIPAA compliance from overwhelming to manageable. Their guidance, tools, and training gave me real clarity — and genuine peace of mind.

Solo practitioner

Behavioral health practice · Long Island, NY