An itemized menu, not a black-box retainer.
Every engagement is structured as five phases. You approve each item individually — uninvited work is not performed. Hours and tooling costs are visible up front.
Kickoff & Onboarding
Included · ~1 week
Before any remediation begins, this short phase formalizes the engagement, gets the legal protections in place, and sets up the communication + access foundations that everything else runs on.
- Signed Master Service Agreement and Business Associate Agreement.
- Delegated admin access to M365, domain registrar, vendor portals.
- Secure credential handoff via shared 1Password vault.
- Initial documentation handoff (network diagram, equipment, vendor list).
- Stakeholder intros — 30 minutes with key staff.
- Dedicated communication channel established (Teams or alias).
- RustDesk + NinjaOne agent deployed to every endpoint.
- Weekly async standup + monthly review cadence agreed.
- On-call SLA: <2 hrs after-hours, <4 hrs business hours.
Discovery & Audit
$750 flat · credited toward Phase 2 · 7 business days
A focused on-site visit, written assessment, and prioritized remediation roadmap. The visit fits in a half-day; the report is delivered within seven business days. The walkthrough is held with Claxton, Kim, or whoever holds the IT decision at your site.
Deliverables
- Network and endpoint inventory with photographs and configurations.
- HIPAA Security Rule gap analysis (164.308, 164.310, 164.312).
- Microsoft 365 tenant posture review.
- Vendor BAA inventory and renewal status.
- Itemized Phase 2 remediation roadmap with per-finding hour estimates.
- 30-minute findings walkthrough with the IT decision-maker(s).
The $750 is credited in full against Phase 2 if you proceed with any remediation work within 60 days.
Foundation Remediation
Itemized · $100/hr · scope defined by audit
Phase 2 is the work the audit identified. Each finding gets its own line: the issue, why it must be corrected, hour range, and any hardware or licensing cost. You approve item by item.
Typical scope areas
M365 licensing & posture
Migrate off reseller, upgrade to Business Premium, enforce MFA + Conditional Access, configure DLP.
Endpoint baseline
BitLocker, Defender for Business, Intune compliance policies, Update Rings, third-party app patching via NinjaOne.
Backup
OneDrive Known Folder Move + Backblaze/NinjaOne Backup for full-disk laptop coverage. M365 mailbox backup via Spanning or AvePoint.
Network
Managed firewall, Wi-Fi 6 AP refresh, VLAN segmentation (research vs guest vs IoT), backup-internet failover.
Compliance
Security Officer designation, Risk Assessment, written policies, signed BAAs, Incident Response Plan, annual training.
Identity & access
1Password Business deployment, terminated-employee account cleanup, shared-mailbox audit, privileged access management.
Hardware markup
Hardware is billed at supplier invoice plus 10% handling — or a $20 minimum handling charge, whichever is higher. Supplier invoices are available on request.
AI Assistant
3A: $4–5K bundle · 3B: $800–1,800 per workflow
An internal assistant covering the tedious tasks that consume staff hours. Runs on Azure OpenAI inside your Microsoft tenant — same BAA as your email. No third-party AI vendor with separate compliance terms is introduced.
Phase 3A — Foundation Pack ($4,000–5,000 fixed)
Bundled high-ROI workflows delivered in ~4 weeks under a single fixed fee:
- Azure OpenAI Service deployment inside your M365 tenant.
- Microsoft 365 Copilot enablement and configuration.
- Daily operations report (delivered to a Teams channel each morning).
- End-of-day email summary per inbox.
- Event-driven sponsor portal alerts.
- Operations dashboard (web, similar to the CRIO recruitment POC).
Phase 3B — Per-Workflow Add-ons
Once the Foundation Pack is in production, additional workflows are added one at a time as need emerges. Each is quoted as a fixed-fee build, with a typical range of $800–$1,800. Examples:
- Subject visit reminder texts (Telnyx/Twilio + opt-in language + human approval).
- Team activity summary (weekly per-staff, drawn from CRIO + calendar).
- Monthly sponsor invoicing prep (extract billable visits from CRIO).
- CRIO query backlog triage (categorize + draft responses).
- Custom workflow X — scoped after a 30-min discovery call.
Workflows intentionally excluded (v1)
Real-time protocol deviation drafts, regulatory binder auto-cross-checks, and real-time team activity dashboards carry high clinical or audit stakes. They are excluded from the initial menu until the foundation has proved out and the audit trail has been exercised. Revisit in v2.
Risk posture
- AI is assistive, never authoritative. Every output that touches sponsor or subject communication has a named human-approval step before it leaves the system.
- Audit trail by design. Every AI-generated output is logged with the input, the model version, the reviewer, and the disposition.
- Sponsor disclosure inventory. Each active sponsor's policy on AI use is documented in Phase 1; workflows respect each sponsor's requirements.
Website + Hosting
$65 / month · all-in
A refreshed public site on your existing domain, designed for sponsor credibility and subject recruitment conversion. The monthly fee covers both the initial build and ongoing hosting + maintenance — no separate build invoice.
Included
- 5–7 page site (Home, About, Studies, For Sponsors, For Patients, Contact, Privacy).
- Mobile-first responsive design.
- Lead capture forms routed to admin inbox.
- Google Analytics 4 + Microsoft Clarity for traffic and behavior.
- On-page SEO baseline + Search Console submission.
- Managed hosting (Vercel or comparable), auto-renewing SSL, DNS management.
- Up to two minor content updates per month (10 min each).
- Quarterly content review.
- Monthly uptime + traffic report.
Not included (billed at Phase 5 rates)
- New full pages or major redesigns after initial build.
- Photo/video shoots, copywriting beyond minor updates, branding work.
- Custom integrations beyond the initial CRIO recruitment funnel hookup.
Managed Services
Month-to-month · 30 days' notice
Once remediation is complete, ongoing operations are covered by a monthly retainer. Two tiers; pick the one that matches your usage. Hours over the quota bill at the standard rate.
Included in either tier
- M365 tenant administration (licenses, user lifecycle, MFA, Conditional Access).
- Endpoint patching oversight and EDR alert triage.
- Backup verification and quarterly restore test.
- Monthly check-in call + monthly written report.
- Quarterly compliance review (BAAs, training, policy refresh).
- After-hours emergency escalation (response within 2 hours, 24/7).
- Documentation kept current as the site changes.
- NinjaOne PSA/RMM, 1Password client vault, monitoring infrastructure — all bundled.
Hourly rates
- $100 / hour — standard business hours (Mon–Fri, 8am–6pm ET). 0.5-hour increments. Follow-up questions in an active conversation count as one event.
- $150 / hour — after-hours, weekends, federal holidays. 1-hour minimum per incident.
- $150 / hour, 30-min response SLA — declared emergencies (clinic-wide outage, suspected security incident, PHI breach, sponsor SLA failure) 24/7/365.
Ready to see your specific scope?
The Phase 1 discovery delivers a written, itemized roadmap with hour estimates per finding. $750 flat, credited toward whatever work you approve next.