Frequently asked questions

Yundra is a HIPAA compliance platform built specifically for solo therapists and small mental health practices. It starts with a free 40-question risk assessment that identifies your compliance gaps, then offers a Compliance Pack — 7 personalised policy documents generated from your answers — everything OCR expects to see in an investigation.

Solo therapists, counsellors, psychologists, and small group practices (1–5 locations) who handle patient information and need to comply with HIPAA’s Security Rule. If you see clients, store patient records, or use an EHR, telehealth platform, or practice email — this is for you.

Yes. The 40-question risk assessment is completely free. You get your overall compliance score, category breakdowns, gap count, and a personalised report — all without paying anything. We don’t ask for a credit card. The Compliance Pack (the 7 generated documents) is the paid product.

Most people complete it in 20–30 minutes. There are 40 questions, all multiple choice. If you have multiple locations, there are 5 additional questions per extra location.

No preparation needed. The questions are in plain English and designed to be answered from memory. You don’t need to look anything up. If you’re unsure about an answer, just select “Not sure” — we’ll flag it as a gap and explain what to do about it in your report.

Yes. You can retake the assessment as many times as you’d like. Each new assessment generates a fresh session with its own score and report.

Seven personalised HIPAA compliance documents, generated from your specific assessment answers, practice details, and vendor information. The documents are: (1) Formal Security Risk Analysis, (2) Policies and Procedures Manual, (3) Notice of Privacy Practices, (4) Incident Response Plan, (5) Contingency and Disaster Recovery Plan, (6) Vendor Inventory and BAA Tracker, (7) Security Official Designation and Training Log. Each document references your practice by name, your specific EHR, email provider, and telehealth platform.

Pricing is based on your number of locations: Solo (1 location) — $399, Multi (2–3 locations) — $599, Multi+ (4–5 locations) — $799. For 6 or more locations, contact us at hello@yundra.health for custom pricing. This is a one-time payment, not a subscription.

No. It’s a one-time payment. You pay once, receive your 7 documents, and they’re yours to keep, print, and use indefinitely. There are no recurring charges.

Your assessment answers and practice details are processed by AI to generate customised compliance documents. Each document is structured to meet OCR (Office for Civil Rights) expectations and references your specific practice name, address, vendors, and compliance gaps.

After payment, your documents are generated automatically. You’ll receive an email with download links within 10–15 minutes. You can also check your documents page directly — we’ll email you when everything is ready.

PDF format. You can download, print, save, and share them as needed for your compliance records.

Yes. Before checkout, you enter your practice details — practice name, practitioner name and title, address, phone, email, EHR system, email provider, and telehealth platform. All 7 documents reference these details throughout instead of generic placeholders.

We accept all major credit and debit cards (Visa, Mastercard, Amex), Apple Pay, Google Pay, and Link (Stripe’s one-click checkout). All payments are processed securely through Stripe — your card details never touch Yundra’s servers.

Yes. Stripe automatically sends a payment receipt to the email address you provided during checkout.

If your documents fail to generate due to a technical issue on our end, we’ll either regenerate them or issue a full refund. Contact hello@yundra.health with your session details and we’ll resolve it promptly.

Yes. All payments are processed through Stripe, a PCI-DSS Level 1 certified payment processor. Your card details are handled entirely by Stripe and never pass through or are stored on Yundra’s servers.

No. Yundra never sees, collects, or stores any patient information. The assessment only asks about your compliance practices and setup — not about individual patients.

We collect your email address (for authentication and document delivery), your assessment answers (to generate your report and score), and your practice details (to personalise your compliance documents). That’s it. We don’t add you to a marketing list, we don’t sell your data, and we don’t share it with third parties.

Yundra does not handle Protected Health Information (PHI). We never see or store patient records. The assessment asks about your compliance practices, not patient data. Therefore, Yundra is not a Business Associate and a BAA is not required for using our service.

Yes. Email hello@yundra.health and we’ll delete your assessment data, practice details, and any generated documents from our systems.

Check your spam or junk folder — the email comes from hello@yundra.health. If it’s not there, try entering your email again on the assessment completion page. Magic links expire after 24 hours. If you continue to have issues, email hello@yundra.health.

Documents typically arrive within 10–15 minutes of payment. Check your spam folder for an email from hello@yundra.health with subject “Your Yundra Compliance Pack is ready”. If it’s been more than 30 minutes, email us at hello@yundra.health with your email address and we’ll look into it immediately.

This means our generation system encountered an error. Your payment was processed successfully — this is a technical issue on our end. Email hello@yundra.health with the page URL and we’ll regenerate your documents or issue a refund.

Not currently. The documents are generated from the practice details you entered before checkout. If you need to correct something (e.g., wrong practice name or address), email hello@yundra.health and we’ll help.

Click the magic link in the original assessment report email — it will take you back to your authenticated session. From there, navigate to your documents page. If you can’t find the email, go to yundra.health/risk-assessment, start a new session, enter the same email address, and we’ll send a new magic link.

The assessment identifies your gaps and scores your current compliance level. The Compliance Pack provides the documentation that OCR expects to see. However, full HIPAA compliance also requires implementing the recommended changes (e.g., enabling encryption, signing BAAs with vendors, configuring MFA). The documents are a critical foundation, but compliance is an ongoing practice — not a one-time checkbox.

A Security Risk Analysis (SRA) is the single most important HIPAA compliance document. It identifies where your patient data lives, what threats exist, and how you’re protecting it. OCR has cited failure to conduct an SRA in every single enforcement action in recent years. Solo practices have been fined $25,000–$30,000 for missing or outdated risk analyses.

OCR (Office for Civil Rights) conducts audits and investigates complaints. The first things they ask for are your Security Risk Analysis and written policies. The Yundra Compliance Pack provides exactly these documents, structured in the format OCR expects. Having them demonstrates good-faith compliance effort.

HIPAA requires that your Security Risk Analysis be reviewed at least annually, or whenever there’s a significant change to your practice (new EHR, new location, staff change, security incident). The other policy documents should be reviewed annually as well.

For solo and small practices, yes — for most purposes. Consultants typically charge $3,000–$10,000 for the same set of documents and risk analysis. Yundra produces equivalent documentation for a fraction of the cost. However, if you have a complex multi-provider setup, have experienced a breach, or are under active OCR investigation, you may want specialist legal advice alongside your Yundra documents.

Yundra works in all modern browsers — Chrome, Firefox, Safari, and Edge. Mobile browsers are fully supported.

No. We use passwordless authentication — you enter your email and we send a one-click sign-in link. No password to create or remember.

Try clearing your browser cache and refreshing the page. If the issue persists, try a different browser. For any ongoing issues, email hello@yundra.health.