CPS One Healthcare Brain · Governance & Compliance · 96% retention · NPS 76

The guardrails for AI in healthcare.

CPS One — CompliancePro Solutions is the privacy, compliance, and AI-governance platform purpose-built for healthcare. Automate the full privacy lifecycle — incidents, risk assessments, breach reporting, BAA tracking, disclosures, policy enforcement — and govern the AI now entering every healthcare workflow with structured AI Readiness Assessment, AI Risk Assessment, and continuous AI policy enforcement.

HIP One and PES One deliver healthcare AI. CPS One is the Governance Lobe of the Healthcare Brain — the counterbalance, the guard at the gate.

Snapshot
  • 76 · Net Promoter
    NPS from active customer base
  • 96% · Retention
    Three-year customer retention rate
  • 72% · Measurable results
    Customers measuring results across 5+ compliance categories
  • $9.77M · Average healthcare data breach
    2024 industry average per IBM Cost of a Data Breach Report

Built for
HIPAA Privacy & Security Rule · 21st Century Cures Act · GDPR · CCPA / state privacy laws · NIST AI RMF
Architecture Note · Outcome & Authority

Audit-proof compliance. Total transparency, risk mitigation, governance you can prove.

CPS One automates the privacy program lifecycle — incident management, breach notification, BAA tracking, disclosure accounting, AI governance — on deterministic workflows that produce audit-ready evidence as a byproduct of doing the work.

The Authority

CPS One — the Governance Lobe of the Healthcare Brain at Genzeon Platforms.

CPS One is the Governance Lobe of the Healthcare Brain — the brain's deterministic chamber, rule-grounded by design. Decisions reconstruct from the rule pack version that produced them. CPS Insights is the only AI-touched analytical surface; everything that touches PHI runs deterministic. The Healthcare Brain runs on Aether One™ — the Intelligent Foundation underneath every Genzeon Platforms deployment.

Brain · Three Lobes
  • Reasoning — HIP One · clinical synthesis & medical review
  • Engagement — PES One · patient and member conversations
  • Governance — CPS One · deterministic privacy & AI governance
The Cost of Getting Privacy Wrong

Privacy breaches remain the most expensive failure in healthcare.

A healthcare data breach now averages $9.77M — the highest of any industry for 14 straight years, per IBM’s 2024 Cost of a Data Breach Report. Human error and sophisticated cyber threats compromise patient data faster than spreadsheet-based privacy programs can respond.

CPS One automates incident tracking, breach notification, BAA management, and disclosure accounting on deterministic workflows — turning privacy program operations from reactive cleanup into structured, audit-ready discipline.

Modules & feature areas

A complete privacy operating system.

Move beyond spreadsheets, ad-hoc forms, and email-driven incident management. CPS One automates the full privacy program lifecycle — and brings the same rigor to AI governance, the newest discipline privacy officers are being asked to own.

AI Governance · new

AI Readiness Assessment

Structured intake to evaluate whether a planned AI use case is ready to deploy in your environment — data, security, regulatory, ethical, and clinical risk dimensions assessed against your existing privacy posture. Documented, audit-ready artifact.

AI Governance · new

AI Risk Assessment

Continuous risk evaluation for AI systems already in operation. Bias, drift, exposure, vendor risk, model-update tracking, and audit-trail completeness — mapped to NIST AI RMF, HIPAA, OCR audit protocols, and emerging state AI laws.

AI Governance · new

AI Policy Library

Pre-built, customizable AI-acceptable-use policies, data-handling agreements, and vendor-AI BAAs. The same template-and-enforce model that powers the privacy policy library, extended to AI.

Risk

Privacy Program Risk Analysis

Identify vulnerabilities with automated risk assessments to close compliance gaps before they become violations.

Incidents

Privacy Incident Management

Automate tracking, filing, and resolution of privacy incidents to ensure timely compliance reporting and breach notification.

Assessments

Privacy Risk Assessments

Audit-ready, web-based privacy assessments — replacing spreadsheets, ad-hoc forms, and email-driven workflows. Privacy Officer-led. Mapped to HIPAA Privacy Rule, OCR audit protocols, state privacy laws, and GDPR. Reusable templates with version control and audit-trail evidence for every change.

Assessments

Security Risk Assessments

Comprehensive security risk audits aligned to HIPAA Security Rule (including 2026 updates) and SOC 2 control mappings. CISO and security-officer-led. Continuous evaluation surface plus point-in-time audit artifacts.

Patient rights

Requests for Amendments & Restrictions

Manage patient data requests efficiently, ensuring compliance with regulatory guidelines.

Audit

Accounting of Disclosures

Track all patient data access and disclosures, maintaining transparency and audit readiness.

Vendors

Business Associate Tracking

Automate third-party risk management. Ensure vendor compliance with HIPAA and other data protection regulations.

Policies

Privacy Policy Template Library

Pre-built, customizable templates to enforce policy consistency across your organization.

Reporting · powered by Aether One™

CPS Insights

Analytical decision-making for healthcare privacy data. Enterprise dashboards across all modules. The CPS Insights module is the only place CPS One uses Aether One™ — for analytical pattern detection and dashboard reporting only. Privacy data is not used for AI training; the rest of CPS One operates on deterministic workflows by design.

Breach response

Breach Notification Engine

Automated workflows for HIPAA Breach Notification Rule compliance — affected individuals, HHS OCR, media notification thresholds.

Compliance & sanctions

Two integrated compliance modules. From exclusion risk to internal misconduct.

Sanctions exposure and unreported misconduct are two of the costliest compliance failures in healthcare. CPS One ships with two purpose-built modules that handle both — without manual spreadsheet wrangling.

Module · Excluded Party Screening

Mitigate risk. Maintain compliance.

Sanctions screening across federal and state exclusion databases — with batch capacity, ongoing monitoring, and audit-ready evidence at every step.

  • Broad coverage
    OIG, GSA, federal & all state exclusion databases — nothing slips through.
  • Batch screening
    Screen any size employee or vendor list as often as needed.
  • Ongoing monitoring
    Automated recurring checks for new hires, vendors, and new exclusion additions.
  • Adverse-match resolution
    Investigate, adjudicate, and document false positives with full case management.
  • Audit-ready reports
    Summary statistics and detail reports — fully defensible documentation at every step.
Module · Enterprise Ethics Hotline

Every voice heard. Every report secure.

Anonymous incident reporting with secure two-way communication. Designed for the moments when an employee, contractor, or patient needs to raise a concern without exposure.

  • Multi-channel reporting
    Online, phone, voicemail, and mail — all anonymized and securely transcribed.
  • Real-time reviewer alerts
    Designated reviewers are notified the moment a report is submitted.
  • Secure two-way communication
    Reviewers communicate with anonymous reporters through an encrypted portal.
  • Collaborative case management
    Full documentation and audit trails shared only with those who need to know.
  • Role-based confidentiality
    Access is limited to authorized personnel — maintaining reporter trust at every step.
$9.77M

Average healthcare data breach.

Healthcare leads every industry for breach cost — 14 years running, per IBM’s 2024 Cost of a Data Breach Report. The two modules above are the most direct lever to bring that exposure down.

Built for healthcare

Providers, payers, and health-tech.

Designed for organizations of every size — from physician practices to integrated delivery networks to national plans. Same platform, same audit posture.

Open-Weight De-identification

CliniGuard NER — auditable PHI de-identification, published on Hugging Face.

De-identification is the load-bearing primitive for any AI touching PHI — the kind that, if it fails silently, takes compliance budgets with it. It deserves to be inspectable, not opaque. Genzeon Platforms publishes CliniGuard NER as our open-weight, Apache-2.0 contribution to making that primitive verifiable.

Model

20 PHI/PII categories. HIPAA Safe Harbor aligned.

A clinical NER model for detection and de-identification of Protected Health Information and Personally Identifiable Information in clinical text. Bio_ClinicalBERT fine-tune, ~110M parameters, Apache-2.0 license — freely usable in commercial healthcare workflows.

Headline F1: Micro 0.9695 · Macro 0.9656. Recommended use: human-in-the-loop pairing for high-stakes de-identification.

Why this matters for privacy and compliance teams

Inspect before you trust.

Most AI vendors ship de-identification as a black box. Open weights with named base models and reproducible evaluation let your privacy officer, security team, and external auditors review the actual primitive — not a marketing claim. That posture is the one we believe healthcare AI needs.

Why CPS One

Built by compliance experts. Trusted by regulated healthcare organizations.

Five reasons CPS One is the platform regulated healthcare organizations choose for compliance, privacy, and AI governance.

01

Deep domain expertise

Specialists in compliance and sanctions with years navigating complex healthcare regulatory environments.

02

Automated & scalable

A platform built to grow from small practices to large health systems — without adding headcount.

03

Strong auditability

Every action, decision, and document captured and preserved for complete audit-readiness at any time.

04

Proven track record

Demonstrated results across regulated industries with a history of successful compliance program outcomes.

05

Flexible support model

Full managed services or platform-only — responsive support that meets your team where they are.

A deliberate stance

Most of CPS One uses no AI. By design.

Privacy officers asked us a hard question: how can you be the AI governance platform if you yourself run on AI? The answer matters. CPS One is built on deterministic workflows for every action that touches PHI, BAAs, breach notifications, OCR audit response, and policy enforcement. The CPS Insights module — analytical dashboards and pattern detection — is the single exception, and it operates on aggregated reporting data only.

CPS One core platform

Deterministic workflows. No AI on PHI.

Risk assessments, incident management, breach notification, BAA tracking, disclosure accounting, policy enforcement, AI Readiness, and AI Risk Assessment all run on rule-based, deterministic logic. Decisions are reconstructable from the rule pack version that produced them. Privacy officers retain full control. No model surprises.

CPS Insights only

Reporting analytics, on aggregated data.

The CPS Insights dashboard layer uses Aether One™ for pattern detection across aggregated reporting data — trend analysis, anomaly detection, cross-module correlation. It does not write back to your privacy program. PHI is not used for AI training. This scoping is contractual and architectural.

Deployment Model

SaaS-deployed. Multi-tenant or single-tenant.

CPS One is a SaaS-deployed compliance platform — multi-tenant by default, single-tenant for regulated organizations that require it. No on-premise infrastructure to maintain. Configuration via web admin, no engineering deployment. Updates ship continuously; rule packs version automatically when regulations change.

Regulatory frameworks supported

Built around the rules. Updated as they change.

CPS One ships with built-in workflows aligned to the regulations that govern healthcare privacy — and we update them as the rules update.

Framework | Coverage
HIPAA Privacy & Security Rules | Including 2026 Security Rule updates. Risk assessments, incident workflows, breach notification, BAA management.
21st Century Cures Act | Information blocking workflows, EHI request handling, exception documentation.
GDPR | For international healthcare operations. DPA management, DSAR workflows, lawful basis tracking.
State privacy laws | CCPA/CPRA, Texas TDPSA, Virginia VCDPA, plus the 17 other state laws active or coming online.
OCR audit protocols | Pre-mapped against OCR audit modules for accelerated audit response.
NIST AI Risk Management Framework | AI Readiness and Risk Assessment workflows mapped to NIST AI RMF Govern, Map, Measure, and Manage functions.
State AI laws (emerging) | Colorado AI Act, NYC Local Law 144, California SB 1047 disclosures, state-level health-AI requirements as they pass into law.

Customer voices

Privacy officers don't hand out endorsements lightly.

A sample of what privacy and compliance teams say about CPS One across academic medical centers, regional health systems, and revenue cycle organizations.

"CompliancePro is a tremendous timesaver to keep every busy Privacy Professional organized."

Stephanie Musso-Mantione
Chief Information Privacy & Security Officer
Stony Brook University Hospital

"Our privacy team is enjoying the new assessment tool, which has streamlined our auditing process, allowing us to provide immediate results and feedback to management."

Barb Beckett, RHIT, CHPS
System Privacy Officer
St. Luke's Health System

"Our ability to gather and extract information from our cases has increased exponentially."

Matt Mastrocola
Privacy Analyst
MRO Corporation

"The reports and graphs are very customizable and user-friendly."

Lisa Whitacre
HIM & Patient Information Privacy Officer
Lee Health

FAQ

What is CPS One? Common questions answered.

What is CPS One?

CPS One — formerly CompliancePro Solutions — is the privacy, compliance, and AI-governance platform purpose-built for healthcare. It replaces spreadsheet-and-SharePoint privacy programs with eight integrated modules covering the full privacy operations lifecycle: privacy program risk analysis, privacy incident management, privacy and security risk assessments, requests for amendments and restrictions, accounting of disclosures, business associate tracking, and a privacy policy template library. CPS One also operationalizes AI governance for healthcare with AI Readiness Assessment, AI Risk Assessment, and an AI Policy Library. 96% three-year customer retention. NPS 76.

What modules does CPS One include?

Eight core privacy operations modules: (1) Privacy Program Risk Analysis, (2) Privacy Incident Management, (3) Privacy Risk Assessments, (4) Security Risk Assessments, (5) Requests for Amendments and Restrictions, (6) Accounting of Disclosures, (7) Business Associate Tracking, and (8) Privacy Policy Template Library. Three AI governance modules: AI Readiness Assessment, AI Risk Assessment, and AI Policy Library. Two compliance modules: Excluded Party Screening and Enterprise Ethics Hotline. Plus the optional CPS Insights add-on — analytical dashboards on Microsoft Power BI for aggregated reporting data.

Which regulatory frameworks does CPS One support?

HIPAA Privacy and Security Rules including 2026 Security Rule updates. 21st Century Cures Act information-blocking workflows. GDPR for international healthcare operations. CCPA/CPRA and the full slate of state privacy laws (Texas TDPSA, Virginia VCDPA, plus 17 others active or coming online). OCR audit protocols pre-mapped for accelerated audit response. NIST AI RMF for AI governance. Emerging state AI laws including Colorado AI Act, NYC LL144, and California SB 1047 as they pass into law.

Does CPS One use AI?

Most of CPS One uses no AI — by design. Every action that touches PHI, BAAs, breach notifications, OCR audit response, or policy enforcement runs on deterministic, rule-based workflows. Decisions are reconstructable from the rule pack version that produced them. Privacy data is not used for AI training. The single exception is the CPS Insights analytics module — built on Microsoft Power BI — which operates on aggregated reporting data only, never on individual PHI. This scoping is contractual and architectural.

How does CPS One support AI governance specifically?

Three integrated AI governance modules. AI Readiness Assessment is structured intake that evaluates whether a planned AI use case is ready to deploy — data, security, regulatory, ethical, and clinical risk dimensions assessed against your existing privacy posture, producing a documented, audit-ready artifact. AI Risk Assessment continuously evaluates AI systems already in operation — bias, drift, exposure, vendor risk, model-update tracking — mapped to NIST AI RMF, HIPAA, OCR audit protocols, and emerging state AI laws. AI Policy Library provides pre-built, customizable AI-acceptable-use policies and vendor-AI BAAs. CPS One governs AI across HIP One, PES One, and third-party vendor AI in the same platform.

Who is CPS One for?

Privacy officers, compliance officers, and CISOs at health systems, integrated delivery networks, academic medical centers, health plans, revenue-cycle organizations, and business associates. CPS One replaces spreadsheet-and-SharePoint privacy programs with structured, audit-ready workflows that scale from small practices to multi-hospital systems.

CPS Advisory Services

Beyond the platform. Expert-led advisory when your team needs depth.

Most CPS One customers run the platform with in-house compliance teams. When the workload exceeds bandwidth or the question exceeds in-house expertise, CPS Advisory ships expert-led services in two modes: Operate — ongoing privacy and security leadership delivered as a service; Assess — point-in-time audits, tests, and response engagements that produce defensible evidence.

Operate — ongoing leadership and program management

Advisory

Virtual Chief Privacy Officer

Outsourced CPO leadership for organizations that need privacy-program governance without a full-time hire. Strategy, OCR-ready policy, breach response leadership.

Advisory

Virtual CISO

Outsourced security leadership. Roadmap, framework selection (HITRUST, SOC 2, ISO), board reporting, security-program operations.

Advisory

Security Consulting

Project-based security expertise — HIPAA Security Rule remediation, risk-mitigation roadmaps, third-party vendor security review.

Advisory

HIPAA Training

Workforce training programs — HIPAA fundamentals, role-based privacy and security training, refresher modules, board education.

Assess — audits, tests, and response engagements

Engagement

Risk Assessments

Expert-led HIPAA Security Rule and Privacy Rule risk analyses — the OCR-required formal artifact, delivered by people who have responded to OCR audits.

Engagement

Vulnerability Scanning

Automated and analyst-validated scanning across infrastructure, applications, and cloud surfaces. Quarterly or continuous cadence.

Engagement

Penetration Testing

Black-box, gray-box, and red-team engagements scoped to your environment. Includes web app, network, and social-engineering vectors.

Engagement

Incident Response

Retainer-based and incident-trigger response. Forensics, breach scope determination, OCR notification preparation, lessons-learned documentation.

Add CMMC consulting

Cybersecurity Maturity Model Certification engagements for organizations with DoD-adjacent contracts or federal-supply-chain requirements. Levels 1–3 readiness, gap analysis, and remediation roadmap.

Next steps

Four steps to live deployment.

A predictable engagement path. No "scope a six-month POC" runway. From first conversation to production, with clear gates at each step.

01

Schedule a live demo

Walk through the platform with the team that built it. 45-minute working session against your real use case.

02

Review integration requirements

Map the platform to your existing systems — EHR, payer admin, telephony, identity, data warehouse. Document gaps.

03

Pilot with your data

Stand up a scoped pilot in your environment. Real data, narrow surface area, measurable outcomes from day one.

04

Deploy & go live

Production rollout with full audit posture, rule-pack governance, and the support model your team needs.

Key Team

Key team members.

Privacy and compliance leadership for CompliancePro Solutions — OCR-ready rule packs, breach response, and program governance.

Micki Jernigan
Derek Walker
Security & Compliance
HIPAA · SOC 2 Type II · ISO 27001 · NIST AI RMF

See CPS One on a real privacy program.

Live, personalized walkthrough with the team that built the platform — product, engineering, and clinical leads in the room.
