
HIPAA Compliance & Security
for Northeast Florida
Healthcare Practices

We Find Your Gaps Before the Auditors, or the Hackers, Do.
And we do it with CLASse.

Your EHR vendor doesn't handle compliance. Your IT person doesn't know HIPAA law. Your AI scribe tools might be leaking patient data. That's where I come in.

Free compliance snapshot · No booking required · Results in 10 minutes
CLAS by Fred Saraiva — Compliance Leadership Advisory Security
C: Compliance
HIPAA, ISO 27001, GDPR & regulatory frameworks that protect your business from risk and liability.
L: Leadership
Strategic fractional CTO/CISO guidance that aligns your technology decisions with business growth.
A: Advisory
Vendor-neutral counsel on compliance strategy, security posture, and regulatory risk priorities.
S: Security
Cybersecurity assessments, policy documentation, and staff training that build a lasting security culture.
What We Do

Start With Clarity.
Then Build From There.

Most small practices don't know what compliance gaps they have — not because they're careless, but because nobody ever showed them. That changes here.

Start Here
Risk Snapshot — $995

You run a small practice. You've got patients, staff, and a growing pile of technology — but no idea whether any of it is compliant. That fog is your biggest liability.

Most OCR fines and data breaches don't hit organizations that tried and failed. They hit organizations that never checked. The Risk Snapshot is designed for practices with 1–10 employees who need to know exactly where they stand — fast, affordably, and without a long-term commitment.

You choose the audit tool that fits your situation — HIPAA for healthcare practices, ISO 27001 for security framework, or ISO 42001 for AI governance. We review your results during a 30-minute onsite visit, check your M365 and Apple security posture, and deliver a clear priority matrix within 2–3 business days. No jargon. No scare tactics. Just clarity.

Delivered in 2–3 business days
You choose the audit tool: HIPAA, ISO 27001, or ISO 42001
30-minute onsite visit — no long engagement, zero obligation
1-page priority matrix + risk summary email — clear, actionable
What you get
  • Client completes audit tool (HIPAA, ISO 27001, or ISO 42001)
  • 30-minute onsite visit — Fred reviews results, checks environment
  • M365 / Apple security baseline check
  • Vendor & BAA gap identification
  • 1-page prioritized risk matrix
  • Risk summary email with immediate action items
  • Notes from onsite visit (audit tool HTML export included)
Ready for more depth? Ask about the CLARITY assessment ($2,995) — a 2-hour onsite visit with a full findings report, gap analysis, and written remediation roadmap delivered in 4–5 days.
When You're Ready to Go Further
HIPAA Risk Assessment

Full Security Risk Analysis covering all administrative, physical, and technical safeguards. Required by law. Your primary defense against OCR audits and breach liability.

From $4,500 · 2–3 weeks
AI Governance (ISO 42001)

Running AI scheduling tools, scribes, or clinical decision support? ISO 42001 ensures your AI systems meet HIPAA-aligned standards before they become a liability.

From $3,500 · 3–4 weeks
Fractional vCISO

Ongoing security leadership without a full-time hire. Quarterly reviews, policy maintenance, regulatory change monitoring, and incident response guidance — at SMB economics.

$2,500–$5,000 / month

Additional services: Custom policy development, M365 security hardening, ISO 27001 gap analysis, security awareness training, Apple ecosystem security.

Service Tiers

Choose Your
Compliance Partnership

Three tiers designed for healthcare practices, law firms, and regulated SMBs in Northeast Florida. From fast risk assessments to full vCISO partnerships.

CLARITY

Comprehensive compliance assessment for small practices (1–10 employees). Includes a findings report, gap analysis, and written remediation roadmap.

  • Client completes audit tool (HIPAA, ISO 27001, or ISO 42001)
  • 2-hour comprehensive onsite visit with Fred
  • Light HIPAA or ISO gap analysis
  • Thorough M365/Apple security baseline + written guidance
  • Comprehensive findings report
  • 1-page prioritized risk summary
  • Written remediation roadmap with timeline
Optional Add-Ons
  • Add a 30-min discovery call for retainer planning: complimentary
  • Annual Security Awareness Training: +$1,200/year
  • AI Use Audit: +$1,500
Travel: Jacksonville/St. Augustine metro included. Outside area: +$150 travel fee
RESILIENT

Comprehensive compliance program for growing practices (5–12 employees). Full HIPAA assessment, custom policies, and semi-annual onsite check-ins.

  • Comprehensive HIPAA Assessment (full SRA)
  • Custom Policy & Procedures Documentation (8-policy core set: Privacy, Security, Breach Notification, Sanctions, Device & Media, Workforce Access, Incident Response, BAA Management)
  • Semi-annual onsite compliance check-ins (2 visits/year, 90 min each)
  • M365 security hardening guidance document
  • Risk register with remediation roadmap
Optional Add-Ons
  • Policy update (operational changes): +$500 per update
  • ISO 27001 gap analysis: +$4,500
  • AI Governance Framework: +$3,000
  • Security Awareness Training: +$1,200/year
  • Upgrade to quarterly onsite check-ins: +$200/month
Travel: Jacksonville/St. Augustine metro included. Outside area: +$150/visit travel fee
SOVEREIGN

Full vCISO partnership for established practices (8–20 employees). Strategic leadership, ongoing monitoring, and annual policy maintenance.

  • Everything in Resilient, plus:
  • Fractional vCISO advisory (8–12 hours/month remote · email, phone, document review, strategic guidance)
  • Quarterly onsite compliance check-ins (4 visits/year, 90 min each)
  • Regulatory change monitoring · proactive alerts on HIPAA, state privacy laws, AI regulation updates
  • Annual policy full review & refresh · all 12 policies re-read and updated for regulatory changes, delivered as updated documents
  • 12-policy extended set (Core 8 + Third-Party Risk, Remote Work & BYOD, AI Acceptable Use, Data Retention & Disposal)
Optional Add-Ons
  • Policy update (operational changes): +$750 per update
  • ISO 27001 gap analysis: +$4,500
  • AI Governance Framework: +$3,000
  • Security Awareness Training: +$1,200/year
Travel: Jacksonville/St. Augustine metro included. Outside area: +$150/visit travel fee
All Tiers Include Professional Deliverables

Every engagement includes professionally formatted, editable deliverable templates: SRA spreadsheet, HIPAA policy library, DPIA template, and executive slide deck, authored and tailored by Fred Saraiva for your specific environment. No generic templates. No copy-paste compliance.

About

Why I Built CLAS

Fred Saraiva - Founder, CLAS by Fred
HIPAA Privacy Law (Penn State) · ISO 42001 AI Governance Lead Implementer · ISO 27001 Lead Implementer · GDPR Compliance Expert · CompTIA Security+ · vCISO Certified · ITIL Foundation

I know what enterprise compliance looks like: I ran it for Apple across Europe, raising audit scores from 72% to 96% and training over 1,000 agents in four countries. I've built disaster recovery plans for telecom companies, security frameworks for SaaS platforms, and access control systems for multinational operations.

But I also know that a 12-person chiropractic office doesn't need a 200-page security manual. CLAS by Fred takes the precision of enterprise governance and scales it down: custom HIPAA audits, AI governance frameworks, and compliance roadmaps built for practices where the owner is also the decision-maker, the budget holder, and the person who has to explain it to their staff.

I pioneered Apple's first remote support model for the German market. I scaled a SaaS startup to €4M ARR. I've navigated OCR inquiries, GDPR enforcement actions, and ISO 27001 certification audits. And I've done it in three languages, across two continents, for two decades.

Now I'm based in Jacksonville, building compliance programs for Northeast Florida healthcare practices: dentists, chiropractors, psychiatrists, and dermatologists who need audit-ready documentation without enterprise bureaucracy. No generic templates. No copy-paste policies. Just custom frameworks built by someone who's been in the CTO chair and knows what actually holds up under scrutiny.

Fred Saraiva, Founder

Proven Results

Real Engagements,
Real Outcomes

Illustrative scenarios based on common compliance challenges in the healthcare practices we serve.

12-Person Dental Practice

HIPAA Compliance After OCR Inquiry

Practice facing OCR inquiry after patient complaint. Delivered full HIPAA compliance program (Security Risk Assessment, 8-policy set, staff training) in 60 days. Avoided fines, passed follow-up audit on first attempt.

Outcome: Zero fines, audit-ready in 60 days
8-Person Dermatology Practice

AI Governance for Medical Scribes

Practice using AI scribe tools (Nuance DAX, Suki) without Business Associate Agreements or data governance. Built AI Acceptable Use Policy and vendor risk framework aligned with HIPAA and ISO 42001, eliminated PHI exposure risk.

Outcome: Compliant AI usage, zero PHI leaks
Solo Psychiatrist

First Insurance Panel Audit Readiness

Solo provider preparing for first insurance panel audit. Conducted HIPAA gap analysis, implemented M365 security hardening (MFA, encryption, conditional access), created audit-ready documentation in 30 days.

Outcome: Passed panel audit, zero findings
Solo Chiropractor

Ransomware Recovery & Compliance Restoration

Solo chiropractor hit with ransomware attack after clicking phishing email. Guided breach notification process (OCR reporting, patient notifications), rebuilt security controls, restored HIPAA compliance within 90 days.

Outcome: Full compliance restoration, no penalties
Why CLAS

What Sets This
Engagement Apart

Not a Vendor. A Partner.

CLAS operates as an extension of your leadership team, not a ticket queue. Fred's engagement model prioritizes understanding your business before prescribing solutions.

Compliance That Doesn't Slow You Down

Regulatory frameworks are often designed for large enterprises. CLAS translates them into right-sized, actionable programs that protect you without paralyzing your operations.

Global Thinking. Local Presence.

With experience across Europe, Africa, and the US, and fluency in English, French, and Portuguese, CLAS is built for organizations with international ambitions and local accountability.

Regulated Environments We Serve

Industries We
Specialize In

Healthcare & Medical Practices
Is your AI scribe tool leaking patient data? HIPAA requires a documented Risk Analysis. CLAS delivers one that holds up in an OCR audit.
HIPAA · HITECH · AI Governance
SMBs Under 25 Employees
You handle regulated data but can't afford a full-time CISO. CLAS delivers enterprise-grade compliance leadership at SMB economics starting at $995 for a Micro-Entity Snapshot.
HIPAA · CCPA · FL §501.171 · ISO 42001
AI-Adopting Organizations
Deploying AI tools in any regulated environment? ISO 42001 provides the governance framework to manage AI risk, demonstrate accountability, and stay ahead of incoming regulation.
ISO 42001 · AI Act · NIST AI RMF
Legal & Law Firms
AI tools that touch client communications must comply with ABA ethics obligations. We implement AI policies that protect billable work and attorney-client privilege.
ABA Ethics · CCPA · ISO 42001
Finance & Insurance
Regulatory pressure, cyber insurance requirements, and client data sensitivity demand more than a basic firewall. SOC 2 readiness and privacy compliance, built to scale.
SOC 2 · GLBA · CCPA · PCI-DSS
Office 365 Security Hardening
Most O365 tenants are dangerously misconfigured. Conditional access, MFA enforcement, DLP rules, and secure tenant configuration delivered right the first time for any regulated organization.
MFA · Conditional Access · DLP · Secure Score
Contact Centers
PCI-DSS for payment capture, COPC/CCSR for operational standards, and AI call-handling tools that raise liability questions. We map your compliance obligations across all three.
PCI-DSS · COPC · CCSR · AI Governance
HR & Recruiting Agencies
Healthcare clients expect HIPAA-level discipline — even from non-covered vendors. We make staffing and recruiting firms audit-ready with security policies, vendor documentation, and AI governance for recruiting tools.
HIPAA-Aligned · Security Policies · AI Governance · vCISO
Start the Conversation

Ready to Know
Where You Stand?

Most security breaches are preceded by a compliance gap someone knew about but didn't act on. A HIPAA Risk Assessment or cybersecurity review with CLAS takes weeks. A data breach can take years to recover from.

Request a Consultation
Location
Jacksonville & Saint Augustine, FL
Serving Northeast Florida & Remote Clients Nationwide
Connect
LinkedIn: saraiva-frederic
Trilingual: EN  ·  FR  ·  PT