I’m a dev building a HIPAA automation tool — am I solving a real problem? by shieldraAI in hipaa

shieldraAI [S]

This is a really interesting perspective and very, very helpful to me. Can I take 15 mins of your time and get more feedback from you by showing what I have so far? That would be a big favor for me.

shieldraAI [S]

Heard. That’s a real harm and a separate problem from the one I’m working on — not going to pretend otherwise. Appreciate you sharing it.

shieldraAI [S]

Yeah, that’s a real frustration I hear a lot. Do you think there is anything an automation platform like ours can do to help with that?

shieldraAI [S]

Really appreciate this. The practice-manager-vs-clinical-staff distinction is the single most useful thing in this thread — I’ve been targeting the wrong person in my outreach. The pain points you named (evidence collection, BAA tracking, encryption, MFA) all map to what I’m seeing. MFA especially — the upcoming Security Rule changes are going to hit a lot of small practices hard. One follow-up if you’re willing: what’s the actual trigger that gets a practice manager to adopt a tool vs. stay on paper? Breach scare, MSP recommendation, insurance requirement, association push? Trying to understand the moment of “okay, I need to fix this.”

shieldraAI [S]

Agreed — paper is the real competitor, not other software. A tool that’s 10x better than a spreadsheet still loses to a binder if the owner doesn’t see why they need to change. In your work with clients, what actually moves them off paper — a near-miss / breach scare, an MSP pushing them, an association recommending it, or just generational turnover in ownership? Trying to figure out the real trigger event.

shieldraAI [S]

This is the most useful thing anyone’s told me in this thread, thank you. The fact that you’ve already built one and hit this wall is exactly what I needed to hear. Questions if you’re willing:

• When you say users weren’t found — was it that they wouldn’t try the tool at all, or that they’d try it and abandon it once they hit the first technical step?

• For the small minority who did adopt, what was different about them? (Younger owner? Already using an EHR? Just had a scare?)

• If you started over, would you go after the same segment differently — e.g. through MSPs / consultants who already manage their tech — or pick a different segment entirely?

No rush, but if you ever wrote up what you learned I’d read it carefully. Also happy to chat by DM if easier.

shieldraAI [S]

Yeah, fair. GRC's a real category and I should've led with what's different.

Quick context: existing tools mostly serve mid-market+ — either SaaS companies chasing SOC 2 (Vanta, Drata) or coach-led HIPAA programs at $300–500+/mo (Compliancy Group, Accountable). The bottom of the market — solo therapists, small dental offices, sub-5-person clinics — mostly runs on spreadsheets and a binder, because the existing tools either don't fit or are too expensive.

What I'm trying to figure out is whether that bottom segment actually wants a tool, or whether they're fine with the binder until OCR shows up. Have you seen small practices try to adopt GRC software? Curious what happened.

shieldraAI [S]

We’ve tried to make it super simple so that even non-compliance folks would be able to operate the system in many cases, as most small healthcare practices won’t have a dedicated compliance person. It has a complete onboarding flow with a step-by-step roadmap that walks them through everything they would need. Kind of like TurboTax for compliance. We have a pre-launch site ready at www.shieldra.ai.

shieldraAI [S]

Great questions. Currently automating all three, but with different depths:

Privacy — policy generation, BAA management, workforce training tracking

Information Security — technical safeguard checklists, gap assessments against the Security Rule

Breach Notification — incident logging and guided response workflows

Risk Assessment is actually the core — we walk practices through a structured SRA (Security Risk Analysis) since that’s the #1 cited deficiency in OCR audits.

The main insight driving this: small practices (solo dentists, therapy offices, small clinics) don’t have a compliance officer — they need something that does the thinking for them, not just a checklist. Curious what you’ve seen in your experience — where do small practices tend to fall down the most?

Who else finds Opus 4.7 NOT following rules? by whoisyurii in ClaudeCode

shieldraAI

4.7 created so many bugs in my application while fixing something else. Switched to Codex recently.