Frequently Asked Questions
Honest answers to the questions small practices actually ask before paying for HIPAA compliance software. If we missed yours, email support@trackhipaa.com.
Is this actually legal advice?
No. TrackHIPAA is a compliance documentation tool, not a law firm. Every output includes this disclaimer. We help you generate your own compliance documents based on published federal regulations — the same approach used by every competitor in this space. For legal questions specific to your situation, consult a qualified healthcare attorney.
What if I get audited by OCR?
TrackHIPAA generates the exact documents OCR requests in audits, organized the way they expect. Our audit export feature bundles everything into one ZIP download. While no tool can guarantee you'll pass an audit, having proper documentation — a current Security Risk Assessment, signed BAAs, training records, and written policies — is the foundation of compliance and is what OCR looks at first.
Do you store any patient data?
Absolutely not. TrackHIPAA stores your practice profile (name, state, employee count, systems used) — never any patient information. Documents are generated in your browser and downloaded to your computer. Because we never receive, store, or transmit PHI on your behalf, we are not a Business Associate under HIPAA.
Do I need a BAA with TrackHIPAA?
No. A Business Associate Agreement is required only with vendors who create, receive, maintain, or transmit PHI on your behalf (45 CFR § 160.103). TrackHIPAA does none of those — your practice profile is operational metadata, not patient data. This is the same architecture that lets us offer the product at $49/month instead of the $300+ tier of BA-status competitors.
How is this different from a $20 HIPAA template pack?
Template packs are generic Word documents that aren't customized to your practice, don't update when regulations change, and don't track your compliance status. TrackHIPAA generates documents specific to your practice type, state, employee count, and systems, tracks your ongoing compliance score, alerts you when rules change, and includes the AI Oracle for unlimited cited answers to HIPAA questions.
Can I cancel anytime?
Yes. Monthly billing, no contracts, no cancellation fees. Cancel from your account settings and you won't be charged again. Your documents are yours to keep — download them before cancelling and they remain valid for your audit records.
How many users can I have? Is there a per-seat charge?
Your $49/month plan includes up to 5 users — typical for a small practice with one or two providers and a few staff. Above 5 users we handle case-by-case; reach out and we'll work it out. No per-seat charge inside the included 5 — invite your front desk, your provider, and your compliance officer at no extra cost.
What practice types does TrackHIPAA support?
Any small US healthcare practice subject to HIPAA: dental, primary care, mental health and therapy, chiropractic, physical therapy, podiatry, dermatology, optometry, and similar specialty practices. The platform tailors documents and the SRA wizard to your practice type during setup. We don't currently serve hospitals, large multi-location groups, or veterinary practices (vet records are not covered by HIPAA).
What if I operate in multiple states?
Set your primary practice state during setup — that drives the state-specific overlay (California, for example, has a stricter 15-day patient record access window than the federal 30-day floor). If you operate locations in multiple states, the policies remain federally compliant; we'll flag any state-specific overlays you need to add. State coverage is an active area of development; tell us where you operate and we'll prioritize.
Does this work for solo practitioners?
Yes. Solo practices are some of our best-fit customers because OCR enforcement disproportionately targets small practices that haven't invested in compliance infrastructure. You serve as your own Privacy Officer and Security Officer — TrackHIPAA generates the designation letters automatically and walks you through the requirements step by step.
What's your refund policy?
If you're not satisfied within the first 30 days, email us and we'll issue a full refund — no questions, no friction. After 30 days, cancellation stops future charges but past months are not refunded. We track this in our admin tooling and process refunds via LemonSqueezy within one business day.
What happens to my documents if I cancel?
Before cancelling, use the one-click audit export to download a ZIP of every policy, your SRA results, training records, and vendor BAAs — all in the format OCR expects. After cancelling we retain your account data for 60 days in case you reactivate, then it's permanently deleted. Your downloaded documents are yours to keep and use indefinitely.
How quickly do you respond to support questions?
Email support is staffed weekdays, 9am–5pm Pacific. Most questions get a response within one business day. For active OCR audits or urgent breach response, mark your email URGENT in the subject and we'll prioritize it. We don't offer phone support at the $49 tier — that's part of how we keep the price low.
What about the 2026 HIPAA Security Rule changes?
We're tracking the final rule closely. When HHS publishes it, we'll update all affected documents within 14 days, generate a diff summary showing what changed, and notify you which of your policies need regeneration. The Regulation Alerts feature handles this proactively so you don't have to track Federal Register notices yourself.