Compliance · Regulator portal
A door, not a hallway. Cleared access in 24 hours.
If you represent a regulator, an accredited audit firm, or a state oversight authority, this page is the front door. Identity is verified inside one business day. Documents — including SOC 2 Type II detail, penetration-test reports, breach forensics, AI model cards, and training records — are released within the scope your authority covers, watermarked, and time-bounded. Every access is logged on the public CH Chain.
How this works
Four steps. About one business day.
Step 1
Submit credentials
Authority, role, jurisdiction, matter reference (docket, exam, audit ID, sponsor + study).
Step 2
Identity verification
Government credential plus counter-signed sponsoring authority for officials. NDA + customer authorization for private auditors.
Step 3
Scoped access grant
Time-bounded credential to the curated document room, scoped to your authority. Access is logged, watermarked, auditable.
Step 4
Live point of contact
A real human assigned to your engagement for the duration of access.
Authorities recognized
Federal, state, and accredited audit firms.
Federal
- HHS OCR — Office for Civil Rights
- HHS OIG — Office of Inspector General
- CMS — Centers for Medicare & Medicaid Services
- FDA — CDRH, CDER, OCE
- FTC — Bureau of Consumer Protection
- FinCEN — BSA/AML examinations
- DEA — Diversion Control / EPCS
- ONC — Office of the National Coordinator
- SEC — inquiry-only, pre-funding posture
- VA / IHS — federal customer agencies
State & accredited
- State Attorneys General
- State Departments of Insurance (DOI)
- State Medical Boards
- State Boards of Pharmacy
- State Departments of Financial Regulation (DFR)
- EU / UK Data Protection Authorities
- PCI Qualified Security Assessors (QSA)
- FedRAMP Third-Party Assessors (3PAO)
- HITRUST External Assessors (CSF)
- Institutional Review Boards (IRB)
Document room
Ten gated documents. Each NDA-bound. Each watermarked on access.
| ID | Document | Audience |
|---|---|---|
| SOC2-DETAIL | SOC 2 Type II full report (96 pp, FY-prior) | NDA + verified · 14-day window |
| HITRUST-LOV | HITRUST CSF r2 Letter of Validation (v11, 156 controls) | Verifiable via HITRUST cert-search |
| PENTEST-SUM | Annual pen-test summary (prior FY, 22 pp) | NDA + verified |
| RISK-ANL | HIPAA Security Risk Analysis (NIST 800-30) | OCR / accreditor · §164.308(a)(1)(ii)(A) |
| BREACH-LOG | Breach log + forensics bundle | OCR / State AG · §164.404/408 |
| MODEL-CARDS | AI model cards + bias audits (per-release) | FDA / ONC · IMDRF SaMD aligned |
| TRAINING-LOG | Workforce training records (12-month rolling) | OCR / DOI / QSA · ≥99% on-time |
| LICENSE-GRID | State license grid (all 50 + DC + USVI) | DOI / DFR / AG · refreshed monthly |
| VEND-RISK | Subprocessor + vendor risk register | NDA + verified · 30-day refresh |
| IR-PLAYBOOK | Incident response playbook + tabletop records | Accreditor only · annual exercise |
Request access
Email the CCO. Acknowledged inside one business day.
Send the following to cco@conceptualhealth.com:
- Authority and jurisdiction (e.g., HHS OCR Region IV; Florida AG Office; HITRUST Assessor Firm)
- Full name, title, official email, phone
- Matter or engagement reference (docket, audit ID, exam number, sponsor + study identifier)
- Scope of documents requested (by document ID above, or natural-language description)
- Attestation that you hold current authority in good standing and that disclosure outside the matter requires written CCO authorization
Acknowledgement within one business day. Identity verification typically completes inside one business day after credentials are received. Access grant follows.
Direct contacts
Four officers. All inboxes monitored.
Chief Compliance Officer: cco@conceptualhealth.com
Privacy Officer: privacy@conceptualhealth.com
Chief Information Security Officer: ciso@conceptualhealth.com
24/7 SOC: soc@conceptualhealth.com