Looking at some compliance toolkits that healthcare attorneys are offering their clients, I continually get disappointed.

These toolkits offer risk analysis, and policies and procedures all in one package (typically from about $100 and up) but they just do not cover enough - especially in the technical area.  Moreover, depending on the toolkit, the policies and procedures may not be that good either.  The pitch is that the toolkit makes it easy for a small practice to become compliant. Has anyone come across a toolkit that they feel is reasonable and appropriate for small practices?  

As a consultant, I want to ensure that my clients understand and implement appropriate policies, procedures and tools based on an "accurate and thorough" risk analysis.  However, determining "what is enough analysis" to say that it is accurate and thorough for a small practice is a big question.  When I asked one attorney about whether his toolkit would satisfy due diligence in using his toolkit for small practices, he did not respond. 

I've raised this issue in an article in my newsletter and have also posted it on my website at http://www.ibg.com/ShadesOfGrayOpinion.html#RISK   In case you're interested in the newsletter, it's posted at http://www.ibg.com/newsletters/SecurityNewsletterIBGOct-Nov04.htm

Your thoughts and comments on risk analysis are welcome.