// breach.compliance / family_medicine
For primary care and family practice. The Family Medicine Complete Suite ($499) stacks five FM specialty documents, a 10-state regulatory reference, and operational compliance tools onto the universal $199 Quick-Start. The Master Bundle ($999) adds hands-on implementation support.
// complete.suite.contents
Ten artifacts: five primary-care specialty documents addressing the regulatory zones distinctive to family medicine (CMS CCM billing, Ryan Haight telehealth, Joint Commission critical-value communication, CDC opioid prescribing, controlled substance patient agreements), one state regulatory reference table, and four operational compliance tools. Every artifact ships with a paired self-verification report mapping content to primary regulatory sources with honest confidence labels.
// family medicine specialty
Per CMS Medicare Claims Processing Manual Chapter 12 ยง30.6.1.7, required for billing CPT 99490, 99439, 99487, 99489. All 7 CMS-required acknowledgments (informed, single-provider, cost-share, revocation right, information-sharing) plus HIPAA care-coordination consents.
// family medicine specialty
Addresses the primary-care-distinct concerns: limited physical exam, vital signs and remote monitoring, when in-person care is required, Ryan Haight Act controlled-substance prescribing constraint, Interstate Medical Licensure Compact reference.
// family medicine specialty
3-tier severity matrix (Normal / Abnormal / Critical) with concrete timing standards. Critical-value 1-hour contact obligation aligned with Joint Commission NPSG 02.03.01. Failure protocol with welfare-check escalation. Voicemail content restriction per ยง164.502(b) minimum necessary.
// family medicine specialty
Schedule II-V framework with examples and constraints. State PDMP query triggers. CDC 2022 Opioid Guideline 7 core principles incorporated. Patient Agreement framework. Ryan Haight telemedicine reference. Diversion-prevention controls. Tapering protocol with CDC 2022 emphasis on avoiding abrupt discontinuation.
// family medicine specialty
The patient-facing agreement for long-term Schedule II-IV therapy. Per 21 CFR ยง1306.04(a), 21 CFR Part 1306, CDC 2022 Clinical Practice Guideline. 12 patient commitments, PDMP query consent, urine drug screen consent, naloxone co-prescription offer, termination clause with taper plan, signature block for patient/prescriber/witness.
// reference
Three-table regulatory digest across 10 high-volume states: state PDMP query mandates, opioid MED prescribing thresholds (Ohio confirmed: 30 MED/day acute, 50 / 80 / 120 MED/day chronic-pain tiers), and telehealth controlled-substance prescribing rules (federal DEA flexibilities extended through 12/31/2026, buprenorphine OUD rule FR 2025-02793 permanent). Per-cell fetch-status labels. Not legal advice; reference only.
// operational
Fillable ยง164.308(a)(1)(ii)(A) annual self-assessment. ePHI inventory, 10-threat identification matrix, vulnerability assessment across all five safeguard categories, 3ร3 likelihood-impact risk grid, mitigation plan tracker, sign-off block. Methodology aligned with NIST SP 800-30 Rev. 1.
// operational
Editable 26-slide PowerPoint for the ยง164.530(b)(1) annual training requirement. PHI definitions, TPO disclosures, Minimum Necessary, breach reporting, workstation and device security, social engineering, sanctions, OCR enforcement examples, knowledge check, sign-off slide for the practice's training records.
// operational
Landscape flowchart walking the ยงยง164.402-164.414 assessment in plain decision-tree form. Four-factor low-probability-of-compromise framework, individual / media / HHS notification thresholds, BA notification chain, law enforcement delay (written and oral). Companion narrative reference and fillable incident-documentation worksheet.
// operational
Four-sheet Excel template for ยง164.502(e) Business Associate Agreement administration. 20-column tracker with dropdown validation and five example vendor rows, BAA-required-vs-conduit-exception guidance, risk tier definitions, common vendor categories needing BAAs. Companion usage guide PDF.
Quick-Start tier ($199): HIPAA foundation for solo family medicine practices โ NPP, BAA, intake, sanctions, training, audit checklist. Instant PDF download. See pricing tiers below.
// pick.your.tier
Quick-Start is the HIPAA foundation for any solo family medicine practice. The Complete Suite layers on FM specialty documents, a state reference table, and operational compliance tools. The Master Bundle adds a risk assessment workbook, vendor BAA tracker, decision tree, and a 30-min onboarding call.
// family_medicine.faq
We do not bill Medicare CCM. Can I skip the CCM Enrollment Consent?
Yes. The CCM Enrollment Consent is specifically required for billing CMS CPT 99490 / 99439 / 99487 / 99489. If your practice does not bill these codes, you can omit the form from your intake packet. The other eight documents fully cover a general primary care practice.
DEA telemedicine prescribing rules keep changing. Is the Controlled Substance Policy current?
As of release, the Policy reflects the DEA's 2023-2025 telemedicine prescribing extensions. The Policy includes a fill field for the current Ryan Haight interpretation; the Advanced Suite tier includes pre-filled current language and we maintain it as new DEA rules are finalized. We will notify Advanced Suite buyers of material rule changes affecting the Policy.
My state PDMP has specific query triggers that differ from the Policy's defaults. Does the Policy adapt?
The Quick-Start Policy uses fill fields for state-specific PDMP query triggers. The Advanced Suite tier includes pre-filled, state-specific PDMP language for the buyer's state (INSPECT for Indiana, KASPER for Kentucky, CURES for California, etc.) along with the current statutory query timing requirements.
The 1-hour critical-value contact obligation seems aggressive. Is that realistic for a small practice?
Joint Commission NPSG 02.03.01 is the prevailing standard expected of outpatient practices that order tests producing critical results. The 1-hour window is what most medical malpractice case law treats as the standard of care; documented escalation (welfare check, emergency contact, certified mail) is what protects the practice when contact within 1 hour is genuinely impossible. The Policy's Section 6 spells this out so your protocol matches the standard.
Real human responds within one business day. We're a templates vendor, not a billing consultancy โ we will not give you CMS billing advice, but we will absolutely answer questions about what is and is not in the kit.