I help small independent healthcare practices in Tennessee and Mississippi identify HIPAA Security Rule compliance gaps — and give them a clear, prioritized roadmap to fix them before a regulator or a breach does it for them.
My consulting work is grounded in:
- NIST SP 800-66 Rev 2 — the federal implementation guide for the HIPAA Security Rule
- HHS Security Risk Assessment (SRA) Tool — the HHS-provided framework for covered entities
- 45 CFR Part 164 — the HIPAA Security Rule itself
A complete, open-source field framework for conducting HIPAA Security Risk Assessments at small healthcare practices.
Built from the ground up — covering every question to ask, every area to physically inspect, how to score risk using a Likelihood × Impact methodology, and how to document and deliver findings to a client.
What is inside:
```
docs/
  01-how-to-use-this-framework.md    ← Start here
  02-pre-assessment-checklist.md     ← Pre-visit intake and prep
  03-administrative-safeguards.md    ← 9 standards, every question to ask
  04-physical-safeguards.md          ← Facility walkthrough guide
  05-technical-safeguards.md         ← Systems, access, encryption, audit logs
  06-risk-scoring-methodology.md     ← Likelihood × Impact scoring with examples
  07-delivering-your-findings.md     ← How to present results to a client
templates/
  findings-log.md                    ← On-site documentation
  risk-register.md                   ← Scored findings and remediation roadmap
  final-report-template.md           ← Full client report template
```
| Repository | What it is |
|---|---|
| password-cracker | Python-based password cracking tool — hands-on security fundamentals |
| RomFlor.github.io | Personal site |
- 📚 Completing AAS in Cybersecurity
- 📋 Pursuing Certified HIPAA Professional (CHP) certification
- 🏥 Accepting complimentary initial assessments for small healthcare practices in the Tennessee and Mississippi area
- 🔨 Building open-source HIPAA compliance resources
💼 LinkedIn 📍 Tennessee & North Mississippi