Healthcare organizations live with HIPAA exposure every day. This toolkit gives you a working framework to catch compliance gaps before regulators do — the same triage model and checklists used inside a $14B health system. Built for compliance teams and general counsel who need to move past "we have a BAA" to "we've actually reviewed it."
Who it's for: Healthcare organizations with regulated data, shared patient information, or vendors handling PHI. Best for teams with compliance infrastructure in place but gaps in incident readiness and BAA review rigor.
What's Included:
- BAA Review Checklist
- HIPAA Incident Decision Support Worksheet
- OCR Audit Readiness Assessment
- PHI Data Handling Addendum
Want JHarris Advisory to implement these tools for your organization? Start with a scoping conversation @ https://jharrisadvisory.com/contact
Most organizations deploying AI tools have no structured way to evaluate them. This bundle starts there. It's the intake, triage, and approval workflow built inside a large health system — the part that catches problematic use cases before they ship. Built for teams that want governance without bureaucracy: fast intake, clear risk assignment, documented accountability.
Who it's for: Organizations rolling out AI tools across teams without a formal review process. Best for companies asking "which AI decisions need oversight" and "who owns this if it fails.”
What's Included:
- Draft AI Use Policy
- AI Use Case Intake Form
- Risk Tiering Rubric
- Governance Playbook
- Required Artifacts Checklist
Want JHarris Advisory to implement these tools for your organization? Start with a scoping conversation @ https://jharrisadvisory.com/contact
California privacy law moves fast. This toolkit keeps you caught up. You get a gap assessment to find what you're missing, the playbook to handle the top 3 consumer rights requests (access, deletion, opt-out), and a side-by-side reference for GDPR teams. Built for California-facing companies that need to get compliant without hiring a privacy team.
Who it's for: Companies with California customers or operations but no dedicated privacy counsel. Works best if you already have some privacy infrastructure in place.
What's Included:
- CPRA Gap Assessment Template
- Consumer Rights Response Playbook
- CCPA/GDPR Crosswalk Reference
- CCPA Compliance Playbook
Want JHarris Advisory to implement these tools for your organization? Start with a scoping conversation @ https://jharrisadvisory.com/contact
Lawyers are getting sanctioned for AI. This toolkit gets you covered. It's the turnkey office policy, the citation-verification protocol that prevents a fabricated-citation sanction, client disclosure language, and the training — built to the ABA Model Rules with California's rules and the proposed amendments flagged. For solos and small firms who use AI and want to stay within the rules without hiring ethics counsel.
Who it's for: Solo attorneys and small firms using AI to draft and research; anyone who wants a defensible AI posture without building it from scratch.
What's Included:
GenAI Use Policy (fill-in)
Citation & Output Verification Protocol
Client Disclosure & Consent Language
Confidentiality & Tool-Selection Guide
AI Competence training materials + 20-question assessment
AI Ethics Compliance Checklist
Educational templates, not legal advice. Training materials are self-study and do not by themselves confer MCLE credit.
Want JHarris Advisory to implement these for your organization? Start with a scoping conversation @ jharrisadvisory.com/contact
California Rule of Court 10.430 required any court that allows AI to adopt a use policy — and the deadline has passed. This kit gives you the policy and the supporting documents built to the rule's required elements: redaction, records access, vendor vetting, and public-facing AI guidance. Built by a former government attorney for courts that need to get compliant without a consultant on retainer.
Who it's for: Court executive officers, presiding judges, clerk's offices, and court IT/records teams in California.
What's Included:
Court AI Use Policy (built to Rule 10.430)
PII Redaction Protocol (CRC 1.201)
Records Retention & Public-Access Guide (CRC 2.503)
E-Filing / Records / AI Vendor Vetting Checklist
Pro Se / Public-Interaction Guidance
Rule 10.430 Compliance Checklist
Educational templates, not legal advice. Confirm Rule 10.430 and your local rules with your counsel.
Want JHarris Advisory to implement these for your organization? Start with a scoping conversation @ jharrisadvisory.com/contact
Teachers are already using AI, and student data is moving into tools no one vetted. This toolkit gives a district the board-adopted policy and the whole supporting stack — built to FERPA, COPPA, SOPIPA, and California Education Code § 49073.1 — including the board-adoption kit and a § 49073.1 vendor agreement. Built for districts that need it adoptable, not just downloadable.
Who it's for: Superintendents, CTO/CIOs, data-privacy leads, and boards at K-12 districts.
What's Included:
Student-Data & AI Use Policy (keystone)
Risk Tiering + Required Controls + EdTech Vendor Vetting
Classroom AI & Academic Integrity (by grade band)
Parent/Guardian Notice & Consent (COPPA/PPRA)
Student Data Inventory; Staff Acceptable-Use + PD; Equity/Accessibility Review
Board-Adoption Kit + § 49073.1 Data Privacy Agreement
Educational templates, not legal advice. Adapt with your district's counsel and adopt through your board.
Want JHarris Advisory to implement these for your organization? Start with a scoping conversation @ jharrisadvisory.com/contact
Financial-aid data is GLBA "customer information," and any AI tool that touches it is in scope for the Safeguards Rule — with breach-notification deadlines to Federal Student Aid and the FTC. This kit gives you the written program with an AI overlay, the vendor controls, the breach runbook, and the institutional policy. Built by a former government attorney who ran security and privacy programs at scale.
Who it's for: CISO/CIO, General Counsel/compliance, and the financial-aid and research offices at universities and community colleges.
What's Included:
GLBA Safeguards Program + Breach Runbook (FSA/FTC timelines)
Institutional AI & Data Governance Policy
Risk Tiering + Required Controls
AI/EdTech Vendor Vetting (service-provider safeguards)
FERPA & CA Public-Records Handling; Incident & Breach Response
IRB / Research-Data AI Governance (universities)
Educational templates, not legal advice. Confirm current FTC/FSA requirements with your counsel and security office.
Want JHarris Advisory to implement these for your organization? Start with a scoping conversation @ jharrisadvisory.com/contact
This toolkit gives legal, privacy, security, and operations teams a practical incident-readiness package with intake workflows, escalation triggers, assessment tools, communication templates, and tabletop materials.
Who it is for: Legal, privacy, compliance, security, IT, risk, and executive teams that need a defensible incident-response structure before a privacy, security, vendor, or AI-related event occurs.
What is included:
• Incident Intake & Triage Form
• Severity Classification Matrix
• Legal / Privacy / Security Escalation Workflow
• Breach Assessment Worksheet
• Privilege & Investigation Documentation Guide
• Internal Communications Templates
• Vendor / Business Associate Incident Checklist
• Executive Briefing Template
• Incident Response Tabletop Exercise
• Post-Incident Lessons Learned Template
No results match your search. Try removing a few filters.