HIPAA Resources for Small Medical Clinics

Free tools & templates

Downloadable worksheets and reference materials you can use without creating an account.

Template
Free BAA Template Pack

Download a plain-English BAA template reviewed against 45 CFR §164.504(e). Editable DOCX format. Built for covered entities who need to execute agreements with business associates without an in-house legal team.
- Covers all required §164.504(e) provisions — permitted uses, safeguard obligations, subcontractor requirements, breach notification, and termination
- Plain-English structure: you will know what you are signing and why each clause exists
- Editable DOCX format — fill in party names and you have an executable agreement
Get free resource →
Quick reference
HIPAA New Hire Checklist

A 10-step checklist for onboarding new clinical or administrative staff to your clinic's HIPAA compliance program.
- Training documentation — record the date and method of HIPAA Privacy and Security training for every new hire
- Workforce access provisioning — assign minimum-necessary system access based on the employee's specific role
- BAA review — verify a signed BAA exists for any new vendor or software the hire will access that touches PHI
Get free resource →
Quick reference
HIPAA Breach Notification Decision Tree

A printable, one-page decision tree that guides your team through the 45 CFR §164.402 breach determination: Was PHI involved? Was it unsecured? Does an exception apply? Who must be notified and when?
- Walks through the §164.402 definition in plain English: not every incident is a breach, and this tree tells you which ones are
- Covers all four notification obligations: individual notice, media notice, HHS Secretary, and business associate-to-covered entity
- Includes the four-factor risk assessment for applying the low probability of compromise exception
Get free resource →
Assessment tool
HIPAA Risk Analysis Worksheet

A step-by-step risk analysis worksheet built on the NIST SP 800-66 Rev 2 methodology. Covers threat identification, vulnerability assessment, likelihood and impact scoring, and residual risk documentation. Required by 45 CFR §164.308(a)(1)(ii)(A).
- Structured threat inventory covering ePHI access points: EHR, scheduling software, email, mobile devices, and physical records
- Likelihood × impact scoring matrix with built-in risk level categories (low / moderate / high)
- Pre-populated with the most common threats found in OCR investigations of small practices
Get free resource →
Template
HIPAA Incident Response Plan Template

A fill-in-the-blank incident response plan template that satisfies the §164.308(a)(6) Security Incident Procedures safeguard.
- Identification and containment steps — a sequential response procedure your team can follow during an active incident without compliance training
- Notification timeline guide — plain-English walkthrough of the 60-day OCR notification rule and individual notice requirements
- Breach risk assessment worksheet — the four-factor analysis required to apply the low probability of compromise exception
Get free resource →
Assessment tool
Healthcare Vendor BAA Tracker

A ready-to-use tracker for BAA status across every vendor who touches your clinic's PHI. Know exactly who you've covered — and who you haven't.
- Pre-filled with common healthcare vendor categories: EHR, billing, scheduling, transcription, cloud storage, IT support, and more
- BAA status columns for each vendor: Not Requested / Requested / Signed / Expired — so gaps are visible at a glance
- Annual review reminder column with a target date field to keep agreements current
Get free resource →

Learning center

Topic hubs for the workflows that most often drive HIPAA confusion inside small clinics.

HIPAA-compliant alternatives to generic task tools

If your clinic is currently using Asana, Monday, Trello, Notion, or similar, these are the BAA, audit trail, and pricing questions to answer before PHI moves in.

Head-to-head comparisons

PHIGuard against named competitors on features, BAA coverage, workflow fit, and pricing model.

By practice type

How HIPAA task management maps to the day-to-day operations of specific specialties.

Latest articles

Fresh educational content from the learning center, focused on practical HIPAA operations instead of generic blog commentary.

HIPAA compliance resources for practice administrators

Free BAA Template Pack

HIPAA New Hire Checklist

HIPAA Breach Notification Decision Tree

HIPAA Risk Analysis Worksheet

HIPAA Incident Response Plan Template

Healthcare Vendor BAA Tracker