
Sauna tracks HIPAA and regulatory obligations, drafts policy updates and training rollouts, logs incidents, and assembles audit evidence so the compliance program stays defensible and nothing falls past a deadline.
What it does
Holds the compliance calendar — HIPAA risk assessment, OIG exclusion checks, policy reviews, training due dates — in Airtable and flags what's coming due with the task drafted.
When a regulation or guidance changes, drafts the affected policy revision in Google Docs and a plain-language summary of what staff now must do.
Records reported privacy or compliance incidents, drafts the initial risk-assessment narrative, and posts to Slack the ones that may need breach analysis or escalation.
Pulls the policies, training records, and logs an auditor requests from Drive and drafts the response binder so the evidence is ready before the auditor asks twice.
In context
Sauna shows up where you already work — the web app, Slack, email, iMessage, and Superhuman. It reads what it needs, does the task, and comes back with the draft for your approval.
Try it
The literal prompt for this job. Open it in Sauna and it picks up from there.
“Our annual HIPAA training is due next month — draft the rollout plan and reminders, list who's overdue from last cycle, and pull our current policy so I can check it's still accurate.”
Plugs into the tools you already run — and thousands more, or any MCP server.
Good to know
No. It tracks obligations, drafts policy and summaries from the current rule text, and flags anything that needs counsel rather than ruling on it itself.
No. It logs and drafts the assessment and escalation; the decision to report or escalate stays with you.
Sauna reads only what you connect, and acts only after you approve. Your workspace and its memory are yours, not training data.