Chat with us, powered by LiveChat

About Us

HIPAA One provides next-generation privacy and security software that is simple, automated, and affordable for healthcare, payers and business associates.  Using HHS’s HIPAA Audit Protocol and NIST-based methodologies, our step-by-step, collaborative workflow effortlessly guides the user through the process of protecting ePHI per 45 CFR 164.308(a)(1)(ii)(A). Our industry-certified Audit Support Team strive to exceed client and partner expectations while providing class-leading support.

With over 7,000 sites using our software to manage HIPAA compliance, we have had a 100% pass-rate for audits.  We provide vulnerability scan, policies and procedure templates and offer training courses for a holistic HIPAA compliance experience.

Our scaleable technology stack and marketing experience ensure ROI success through integration and well-established partner referral programs.

The HIPAA One platform is built on the ContractPal platform.

ContractPal is a cloud-based software company providing an open, web-based, on-demand computing platform. ContractPal supports the rapid design, development, and deployment of contract-oriented web applications. Their client base is expansive having worked with Fortune 50 customers by significantly increasing sales revenue, reducing risk and reducing operational cost.

HIPAA One is owned and developed by Modern Compliance Solutions, Inc.

What makes HIPAA One different from other compliance companies? We are constantly stiving to improve our software by making our platform intutive and automated. Our development team, based out of Lindon, UT works tirelessly to ensure the best and most-consistent end-user experience. Additionally, we only contract and work with US based data centers.

Here are some fundamentals of our software:

  • Simplicity: After conducting hundreds of HIPAA Security Risk Analyses, Steven Marco, Founder of HIPAA One, dreamed of creating a tool used to automate the reporting for each assessment.  Since it’s inception in 2012, HIPAA One® has become a compliance software industry-leader having automodated the Security Risk Analysis process as much as humanly possible.  The result is a workflow that streamlines reporting by utilizing simplified questions. HIPAA One® is the one-stop shop for SRA, remediation planning and ongoing risk management activities.
  • Compliance: Developed from the OCR’s Guidance on HIPAA Security  & OCR Audit Protocol, Texas House Bill 300, NIST SP 800-series, HSR Toolkit, HHS SRAT and HHS Spreadsheets our clients have 100% success in responding to (and passing!) OCR and Figliozzi audits.  We update our software each time there is a change in legislation, regulatory mandates and breach data trends are released.
  • Automation: Threat identification, vulnerability analysis, threat agents, likelihood, impact and risk calculations are all automated.  Add, simple Reflexive Question Engine (RQE), remediation plan, multi-user/departmental access, reporting and documentation retention.
  • Efficiency: Designed to save you time, small clinics can complete their own HIPAA Risk Analysis is less than one day! Reduce administrative bloat and cut back on mundane, time-consuming and manual processes by putting HIPAA One®’s automation to work.
  • Resources: Develop your own documentation with built-in HIPAA compliance features and robust questions including those focused on Policies and Procedures. Contact our support team anytime at for extended support and service.

Our Staff & Culture

All our staff has built careers within the healthcare research and Health IT segments focusing on:

  • Reducing clicks or steps for ease of use and aesthetically-pleasing user experience
  • Intelligent consulting so the client and our team set realistic the goals of each project
  • Exceeding client expectations
  • Standing side-by-side during audits ensuring success

This aligns with the company’s core competencies of providing:

  • HIPAA Compliance Automation software
  • Always up-to-date with regulatory requirements, industry and best-practices
  • Full suite of data security, ePHI data classification, application penetration testing and source-code review