About HIPAA Associates

Learn about us at HIPAA Associates and how we can help you address the complex world of HIPAA.  

Preparing for HIPAA

Healthcare privacy is often a complicated process for many organizations considering the many facets that must be addressed.  Has your organization performed a careful assessment of their privacy program with a HIPAA Gap Analysis or a Risk Analysis?  Have you created a sound compliance plan that will help you be prepared for the HIPAA Privacy Rule?  Have you trained your staff with the latest information that relates to the Privacy Rule?  If you are aware of breaches that have occurred in the last year do you know how best to report these?  We have helped countless of organizations with issues such as these.

We can help you with the following important tasks:

  • HIPAA Gap Analysis
  • Compliance Plans
  • Train Your Staff
  • Breach Reporting
Mary Lopez of HIPAA Associates

Mary J Lopez

JD, CHP, CHC

is a nurse-attorney and the principal at HIPAA Associates consulting with a wide range of national healthcare clients.  At present Ms. Lopez leads the HIPAA Associates Team and advises clients on HIPAA privacy and security issues. In addition she creates compliance plans and educational programs.

Most important of all she understands the issues after serving as Chief Privacy Officer for several integrated health care systems for over a decade implementing and overseeing HIPAA compliance programs. In addition, Ms. Lopez is certified in Healthcare Privacy and Healthcare Compliance and is a regular speaker on HIPAA compliance.  Finally Ms. Lopez is admitted to the bar in Ohio and is a member of the Cincinnati Bar Association, and the American Health Lawyers Association.

Al Lopez of HIPAA Associates

Al Lopez

MD, FCCP,CHC

is the chief operations officer for HIPAA Associates.  Dr. Lopez is board certified in internal medicine, pulmonary, and anesthesia and he holds a degree as a medical coding specialist. Furthermore, he is an experienced pulmonary critical care specialist and anesthesiologist and served as a Compliance Director and Privacy Officer for over ten years. Moreover, he has experience dealing with HIPAA issues in the clinical setting, HIPAA security and operational issues. He has been part of the HIPAA Associates team for over 10 years. In addition, Dr. Lopez is certified in Healthcare Compliance and has held various leadership roles within the medical staff and practice corporation.

Phil Stinson from Intec IT

Phil Stinson

IT Consultant

is the Owner / CEO of Intec Solutions and is pleased to partner with the HIPAA Associates team to bring IT Risk Analysis & Technical Audit services to their already robust HIPAA Compliance Offering.  Of great significance, Phil used his expertise in Application Development, Network Infrastructure Management, and Enterprise Consulting to establish Intec Solutions as a full service Information Technology outsourcing company in 1997. Most important of all he has spent the last 20 years delivering Enterprise level Managed IT & HIPAA Compliance solutions to healthcare and related organizations.  Contact Phil Stinson directly at Intec Solutions for help with your Technical Safeguards. Finally, Phil is the most recent addition to the HIPAA Associates team.

We are health professionals who understand HIPAA inside and out.


If you’ve recently experienced a breach – or (better yet) are shoring up your defenses before a breach – let us lend our unique blend of skill sets to protect your patients and their data. Learn about us.

Mary is a former nurse and a lawyer. Al is a pulmonary-critical care specialist, anesthesiologist, and medical coding specialist. They both have decades of experience as compliance officers, and with HIPAA security+ operational issues.

As people who’ve worked on both sides of HIPAA – as care givers and compliance officers – we’re well­positioned to create individualized programs to fit your needs. Both large multi-hospital organizations and smaller companies seek our services, and since the advent of HIPAA we’ve trained thousands of healthcare providers in person or through our web-based platform. In addition, we can even add your company’s branding to our
customizable training modules, if you like, and we also offer HIPAA training for Spanish speaking associates.


We’ve helped numerous organizations and individuals with:

  1. HIPAA Consulting on the HIPAA Rules – what does it all mean? We’ll help you understand.
  2. HIPAA Gap Analysis assess your program for risk areas in order to identify and correct problems.
  3. Breach Reporting, investigation, analysis, individual notification and Office for Civil Rights reporting
  4. HIPAA compliance trainingfor individuals and groups.

Policies and Procedures

Put our unique blend of expertise to work – we’ll help you navigate the complex structure of HIPAA compliance. HIPAA Associates will create or coordinate your HIPAA program with policies, procedures customized for you and your organization and with any complex HIPAA issue.
Above all, HIPAA consulting is the main focus of our organization. Hospitals, health care practitioners, office practices and business associates must have written HIPAA policies and procedures and safeguards for protected health information (PHI). As a result, we develop HIPAA compliance plans that include HIPAA privacy and security policies and procedures. Most importantly, HIPAA Associates is available to to consult with you when questions arise regarding the HIPAA Rules. HIPAA Associates has the experience to understand and assess all aspects of the HIPAA Rule. Consequently, we help protect your organization from issues that may lead to complaints made to or investigations by the Office for Civil Rights (OCR).

HIPAA requires that you have a Business Associate Agreement with business partners that you contract with to provide services if they access, use or disclose PHI. For example, for accounting, billing, legal, risk management and information technology services. Accordingly, we will help you identify business associates and assist with obtaining business associate agreements. We can help protect your organization from HIPAA issues related to the actions of Business Associates and decrease risk to your organization.

HIPAA Gap Analysis

A HIPAA Gap Analysis is geared to identify those areas where an organization does not comply with the regulatory standards of HIPAA. Moreover, the gap analysis can give HIPAA covered entities or business associates an overall view of their compliance efforts. A gap analysis is not the same as a HIPAA Security Risk Analysis, which is focused on electronic PHI. However, this may be the best way all around analysis of policies, procedures and safeguards that are in place and to learn if your organization could withstand an audit of its program by the Office for Civil Rights.

Training for TEAMS

We offer customizable in-person, virtual, or webinar training, lectures and general help with HIPAA. We also offer training in Spanish.
In a busy healthcare practice, it can be difficult to get everyone in the same place at the same time for in-person training. Our web-based modules might be the best fit for your organization. We’ve developed these modules for hospitals, private practices, hospital-based provider groups and business associates. They can be completed at times that are more convenient, without disrupting your primary focus of patient care. Our training can be created with your branding and with your specific needs in mind.

Online Training

In a fast-paced medical environment, it can be difficult to get everyone in the same place, at the same time, for in-person training. For certain team members, our web-based modules might be the best fit. We’ve developed these modules for hospitals, private practices, hospital-based provider groups, and business associates. They can be completed at times that are more convenient, without disrupting your primary focus of patient care.

HIPAA Breach Reporting

HIPAA Associates works with clients dealing with a breach of unsecured PHI. It is important for an organization to follow all necessary steps to report a breach successfully to the individual(s) affected and to the Secretary HHS, Office for Civil Rights. We assist organizations in order to comply with breach notification requirements. Breaches can vary depending on the facts and circumstances and may be handled differently case-by-case. We have the experience to know how to respond to a breach and what steps to take to protect the individual(s) affected and place the organization in best position possible with the OCR. Moreover, we can manage investigations, mitigation of damages, retraining, notice to the individual(s) and reporting to the Office for Civil Rights.

Have you already experienced a breach?

We’re sorry to hear that – both for you and your patients. We know how stressful and chaotic it probably is right now as you try to figure out next steps.


We’ve helped countless providers and organizations deal with this.


Let us help you too with our free checklist of the steps you need to take immediately – and minimize your risk. It also includes a worksheet of all the information you’ll need to initially collect, so that you can keep it all in one place as you work through the process of mitigation.

Haven’t yet experienced a breach?

That’s great. But you should still prepare. Most people don’t think about HIPAA compliance until it’s too late. Moreover, the best way to deal with a HIPAA violation is to avoid it in the first place.


Be proactive. A first step is checking for weaknesses – and we can help. Get our compliance checklist to see where your vulnerabilities lie.

Most important of all, HIPAA Associates are legal and medical professionals who speak your language. We understand the needs of your organization.