Free Guide · Current as of July 2026

The HIPAA-Conscious IT Checklist for Direct Primary Care Clinics

For 1–3 physician practices with no IT staff. What's actually required, what's actually optional, and what to do first.

What's inside

Written for a clinic with no IT department.

Most HIPAA checklists hand you fifty equal-weight bullets and a countdown clock. This one is prioritized, plain-language, and careful about what the law actually says today — versus what vendors are telling you it says.

  • Are you even a covered entity? A four-question flow — and the e-prescribing trapdoor that quietly pulls most cash-pay practices in.
  • The five things to do this month. Not fifty. Five — starting with the free federal tool nobody tells you about.
  • Texting your patients without blowing up HIPAA. Everyone says "never text patients." That's wrong, and it's useless to a DPC practice. Includes a consent script you can copy.
  • A pre-filled BAA tracker for the real DPC stack — Hint, Atlas MD, Cerbo, Elation, Spruce, labs, Microsoft 365.
  • The laptop-is-the-clinic page. BYOD, the home office, the shared family computer, offboarding your one employee.
  • What's law today vs. what's only proposed — so you can tell which vendors are selling you a rule that doesn't exist yet.

Every item is tagged with its real legal status

Required Addressable Recommended — so you can tell, at a glance, what the rule actually compels versus what someone would simply like to sell you.

Get the checklist

Tell us where to send it and it opens on the next screen — read it online or save it as a PDF.

We'll send you the guide and, occasionally, something else genuinely useful for running a small business. No spam, and you can tell us to stop at any time.