About Us

Mary and Al Lopez of HIPAA Associates
Mary & Al Lopez, Founders of HIPAA Associates

We are health professionals who understand HIPAA inside and out.


If you’ve recently experienced a breach – or (better yet) are shoring up your defenses before a breach – let us lend our unique blend of skill sets to protect your patients and their data. Learn about us.

Mary is a former nurse and a lawyer. Al is a pulmonary critical care specialist, anesthesiologist, and medical coding specialist. They both have decades of experience as compliance officers, and with HIPAA security+ operational issues.

As people who’ve worked on both sides of HIPAA – as care givers and compliance officers – we’re well­positioned to create individualized programs to fit your needs. Both large multi-hospital organizations and
smaller companies seek our services, and since the advent of HIPAA we’ve trained thousands of healthcare providers in person or through our web-based platform. We can even add your company’s branding to our
customizable training modules, if you like, and we also offer HIPAA training for Spanish speaking associates.

We’ve helped numerous organizations and individuals with:

  1. HIPAA Consulting on the HIPAA Rules – what does it all mean? We’ll help you understand.
  2. HIPAA Gap Analysis
  3. Breach Reporting, investigation, analysis, individual notification and Office for Civil Rights reporting
  4. HIPAA compliance training
  5. Privacy and security policies and procedures for HIPAA
  6. HIPAA Security Analysis
  7. Investigation and response to HIPAA complaints
  8. On-site HIPAA audits
  9. Response to Office for Civil Rights investigations
  10. Business Associate Agreements

Policies and Procedures

Put our unique blend of expertise to work – we’ll help you navigate the complex structure of HIPAA compliance. HIPAA Associates will create or coordinate your HIPAA program with policies, procedures customized for you and your organization and with any complex HIPAA issue.

HIPAA Gap Analysis

A HIPAA Gap Analysis is geared to identify those areas where an organization does not comply with the regulatory standards of HIPAA. The gap analysis can give HIPAA covered entities and business associates an overall view of their compliance efforts. This may be the best way to learn if your organization is prepared.

Training for TEAMS

We offer customizable in-person, virtual, or webinar training, lectures and general help with HIPAA. We also offer training in Spanish.

Online Training

In a fast-paced medical environment, it can be difficult to get everyone in the same place, at the same time, for in-person training. For certain team members, our web-based modules might be the best fit. We’ve developed these modules for hospitals, private practices, hospital-based provider groups, and business associates. They can be completed at times that are more convenient, without disrupting your primary focus of patient care.

Have you already experienced a breach?

We’re sorry to hear that – both for you and your patients. We know how stressful and chaotic it probably is right now as you try to figure out next steps.


We’ve helped countless providers and organizations deal with this.


Let us help you too with our free checklist of the steps you need to take immediately – and minimize your risk. It also includes a worksheet of all the information you’ll need to initially collect, so that you can keep it all in one place as you work through the process of mitigation.

Haven’t yet experienced a breach?

That’s great. But you should still prepare. Most people don’t think about HIPAA compliance until it’s too late. The best way to deal with a HIPAA violation is to avoid it in the first place.


Be proactive. A first step is checking for weaknesses – and we can help. Get our compliance checklist to see where your vulnerabilities lie.

Most important of all, HIPAA Associates are legal and medical professionals who speak your language. We understand the needs of your organization.