Independent cybersecurity and HIPAA advisory for healthcare practices in Northern and Central Indiana.

No managed services to sell. No referral fees. No vendor partnerships shaping the answer.

FOUNDER INTRODUCTION

Hi — Tom Polk here. I spent 30+ years in healthcare IT leadership, most recently as CIO and Chief Security Officer at a multi-state eyecare group. I founded Northline Advisors to do something I couldn’t do from inside an executive seat: tell small healthcare practices exactly what I see, without worrying about whose budget it comes out of.

Northern Indiana is home — that’s not a tagline, it’s why this practice exists.

Engagements are delivered through GRC platforms you keep access to — not static PDFs that age out the day they’re delivered. So the work stays useful for renewals, audits, and the next governance cycle.

What I don’t sell: security products, MSP services, or anything I’d earn a referral fee on.

WHAT I HEAR FROM PRACTICE OWNERS

“I trust our IT company — but I have no idea if we’re actually compliant.”

“If we get breached, my name is on the door. I don’t know what ‘good enough’ even looks like.”

“We’ve grown. Our security hasn’t kept up.”

Here’s the problem: most IT providers aren’t lying to you — they genuinely believe what they’re telling you. But a lot of what passes for “security” in small practices is the IT equivalent of shooting the side of a barn, drawing a circle around the hole, and calling it a bullseye. They do what they do, slap a label on it, and call it good. Nobody’s checked whether any of it lines up with what HIPAA actually requires — or what a real attacker would actually try.

“That’s not security. That’s just a good-looking hole in the barn.”

HOW I WORK WITH PRACTICES

Most engagements start with a low-cost entry point — a HIPAA Security Snapshot, an MSP Scorecard Review, or a Cyber Insurance Readiness Check. You get an honest picture of where things stand, and we go from there at whatever pace makes sense for your practice.

For practices ready to go deeper, I offer a full HIPAA Risk Analysis, Governance Implementation, and ongoing vCISO advisory support. Every deliverable is plain-language and built to actually be used — ranked priorities, clear ownership, and a roadmap your team can execute without a PhD in cybersecurity.

See the full service menu

WHO NORTHLINE IS A FIT FOR

Northline is built for a specific kind of client. If the description below sounds like you, we should talk. If it doesn’t, I’ll happily point you toward someone better suited.

Independent or small-group medical, dental, optometric, or behavioral health practices (typically 3–50 staff)

Practices in Northern or Central Indiana, or those willing to work remotely

Owners and administrators asking real questions about HIPAA, breach exposure, or cyber insurance — not just looking for a checkbox

Practices that want a second opinion independent of their current MSP or IT vendor

CREDENTIALS

CISSP

Certified Information Systems Security Professional. The gold-standard general security certification.

CCSP

Certified Cloud Security Professional. Cloud architecture, governance, and risk.

HCISPP

HealthCare Information Security and Privacy Practitioner. The healthcare-specific privacy and security credential.

CGRC

Certified in Governance, Risk and Compliance. Authorization frameworks, risk management, continuous monitoring.

ProSci Change Practitioner

Structured change management for security and governance rollouts that actually stick.

BEYOND CONSULTING

My work outside Northline shapes how I work inside it. I’ve served as Past District Governor of Lions Clubs International District 25-G, and I sit on boards and committees with 85 Hope Free Medical Clinic and VisionFirst (the Indiana Lions Eye Bank). The same principle runs through both: do the work, document it honestly, and leave things better than you found them.

My wife Kim and I live in the LaFontaine area. Northern Indiana isn’t a market for me — it’s where my neighbors run the practices I’m trying to protect.

Your patients deserve a second opinion. So does your security.

READY FOR A STRAIGHT ANSWER?

If you’re a practice owner in Northern or Central Indiana asking “Are we actually protected?” — let’s talk. Thirty minutes, no pitch, no pressure. We’ll walk through what you’re actually worried about and whether Northline is the right fit. If we’re not, I’ll point you toward who is.