Regulator portal

A door, not a hallway. Cleared access in 24 hours.

If you represent a regulator, accredited audit firm, or state oversight authority, this page is the front door. Identity is verified inside one business day. Documents — including SOC 2 detail, pen-test reports, breach forensics, AI model cards, and training records — are released within the scope your authority covers.

How this works

Four steps. Twenty-four hours.

Step 01

Submit credentials

Provide your authority, role, jurisdiction, and the matter (or audit) under which you're requesting access. We verify against published rosters and the appropriate registry.

Step 02

Identity verification

Government-credential verification + counter-signed sponsoring authority. For private auditors, an executed NDA + the engaging customer's authorization.

Step 03

Scoped access grant

You receive a time-bounded credential to a curated document room, scoped to your authority. All access is logged, watermarked, and auditable.

Step 04

Live point of contact

A named human at Conceptual Health is assigned to your matter for the duration of your access. Phone, email, video, in-person — your call.

Authorities recognized

Federal, state, and accredited.

If your authority is on this list, the portal applies to you. If you have authority that isn't listed, contact our CCO directly — we'll route you in within one business day.

Federal

Healthcare, privacy, financial-conduct, and research-oversight authorities operating under federal statute.

HHS: Office for Civil Rights (OCR)
HHS: Office of Inspector General (OIG)
CMS: Centers for Medicare & Medicaid
FDA: CDRH · CDER · OCE
FTC: Bureau of Consumer Protection
FinCEN: BSA / AML examinations
DEA: Diversion Control / EPCS
ONC: Office of the National Coordinator
SEC: Inquiry-only · pre-funding posture
VA / IHS: Federal customer agencies

State & accredited

State oversight authorities and independent accredited firms working an active engagement.

AG: State Attorneys General
DOI: State Departments of Insurance
Med-Bd: State Medical Boards
Pharm-Bd: State Boards of Pharmacy
DFR: State Departments of Financial Regulation
DPA: EU/UK Data Protection Authorities
QSA: PCI Qualified Security Assessors
3PAO: FedRAMP Third-Party Assessors
CSF: HITRUST External Assessors
IRB: Institutional Review Boards

Document room

Gated documents, by category.

Documents below are released within scope of your authority. Public attestations are linked from the overview vault; the items here require credential verification.

SOC2-DETAIL: NDA + verified

SOC 2 Type II — full report

Independent auditor's full Type II report including system description, control objectives, tests of operating effectiveness, and any exceptions. Replaces the public executive summary.

FY-prior · 96 pp · watermarked · 14-day access window

HITRUST-LOV: Verifiable

HITRUST CSF r2 Letter of Validation

Issued by HITRUST. Independently verifiable via the HITRUST cert-search lookup using the certificate ID we will share on credential.

v11 · 156 controls · 2-year validity

PENTEST-SUM: NDA + verified

Annual Penetration Test — summary

Executive summary plus findings register from the prior fiscal year independent third-party penetration test. Methodology aligned to OWASP WSTG and PTES.

Prior FY · 22 pp · external network + application

RISK-ANL: OCR / accreditor

HIPAA Security Risk Analysis

Current Security Risk Analysis under §164.308(a)(1)(ii)(A), with risk-treatment plan, residual-risk register, and Privacy Officer sign-off.

NIST 800-30 methodology · annual refresh

BREACH-LOG: OCR · State AG

Breach Log + Forensics Bundle

Full event log under §164.404 / §164.408 with forensic narrative, root-cause analysis, remediation evidence, and individual-notification records.

Quarterly · zero unfiled events to date

MODEL-CARDS: FDA · ONC

AI Model Cards + Bias Audits

Model cards for AI Scribe (Whisper-derivative), Master Equation, and Concierge. Pre-deployment bias audit + post-deployment continuous-monitoring reports per axis.

Per-release · IMDRF SaMD aligned

TRAINING-LOG: OCR · DOI · QSA

Workforce Training Records

HIPAA, security, privacy, BSA/AML, and role-specific training records for the rolling 12-month period. Per-employee completion timestamps.

≥99% on-time completion · auto-deactivate on expiry

LICENSE-GRID: DOI · DFR · AG

State License Grid (Exchange + Pharmacy)

Per-state license register: money-transmitter licenses, pharmacy permits, telehealth registrations, surety-bond face values, license numbers, expiration dates.

All 50 states + DC + USVI · refreshed monthly

VEND-RISK: NDA + verified

Subprocessor + Vendor Risk Register

Current subprocessor list, BAA execution status, security-questionnaire results, residency, and processing purpose for each.

Updated within 30 days of any subprocessor change

IR-PLAYBOOK: Accreditor only

Incident Response Playbook + Tabletop Records

Incident response plan, severity matrix, escalation tree, plus the prior-year tabletop exercise records and lessons-learned.

Annual exercise · cross-functional including Legal + Comms

Request access

Tell us who you are.

Submissions are routed to the CCO's office. Inside one business day you will receive (a) a verification email, (b) the named human assigned to your matter, and (c) the document-room credential.

Direct contacts

If you'd rather call.

Compliance is people. The portal exists for speed, not as a barrier. If your matter is urgent or sensitive, call directly.

Chief Compliance Officer

cco@conceptualhealth.com · +1 (555) 010-COMP

Framework-level matters, regulatory correspondence, audit coordination, OCR / HHS / AG inquiries, MOU negotiation.

Privacy Officer

privacy@conceptualhealth.com · +1 (555) 010-PRIV

HIPAA inquiries, individual rights requests, accounting-of-disclosures, breach-coordination.

Chief Information Security Officer

ciso@conceptualhealth.com · +1 (555) 010-CISO

SOC 2 / HITRUST / NIST detail, vulnerability disclosure, pen-test windows, vendor risk reviews.

24/7 Security Operations

soc@conceptualhealth.com · +1 (555) 010-SOC0

Active incidents, suspected breach reports, government emergency-access requests under §164.512.