Honest pricing for honest risk work.
Every plan surfaces risk indicators and recommendations. No plan — ours or anyone’s — makes a website “HIPAA compliant,” and we price like a tool, not like an audit. Figures below are draft pricing while we onboard early customers.
Free
$0forever
See where your site stands. No card, no account required to start.
- 1 on-demand scan per site per month
- Overall risk score + letter grade
- Top 3 findings with remediation guidance
- Full findings list with email signup
- Shareable report link
Starter
Most popular$39/month (draft pricing)
Continuous monitoring for a single practice website.
- 1 monitored site, weekly rescans
- Email alerts on new findings & score drops
- Full report with every recommendation
- PDF export
- Finding status workflow (acknowledge / resolve)
Practice
$119/month (draft pricing)
For groups and clinics with several patient-facing properties.
- Up to 5 monitored sites
- Daily rescans
- Score trend history & charts
- Priority alerts (cert expiry, new tracker on patient pages)
- Team seats with roles
Agency / Consultant
$299/month (draft pricing)
Manage client portfolios under your own brand.
- Many sites (fair-use cap)
- White-label PDF reports
- Full API access for bulk onboarding
- Client-ready trend reporting
- Priority support
One-time add-on
Deep Scan report
A branded PDF deep-dive of a single scan — every observation, evidence, and remediation step — without a subscription.
Feature matrix
| Feature | Free | Starter | Practice | Agency / Consultant |
|---|---|---|---|---|
| On-demand scans | 1 / site / month | Included | Included | Included |
| Monitored sites | 1 | Up to 5 | Many (fair use) | |
| Rescan frequency | Weekly | Daily | Daily | |
| Risk score & grade | ||||
| Findings shown | Top 3 (full via email) | All | All | All |
| Remediation guidance | Top findings | Full catalog | Full catalog | Full catalog |
| Email alerts | Priority | Priority | ||
| Score trend history | ||||
| PDF export | White-label | |||
| Team seats & roles | ||||
| API access | ||||
| Domain verification required | No (one-off scans) | Yes | Yes | Yes |
Pricing questions
Why is pricing marked as draft?
We're early. These numbers are our honest starting point and may change as we learn from the first cohort of customers — existing subscribers will be grandfathered or given generous notice. We'd rather say that plainly than pretend the pricing page is set in stone.
Does any plan make my website HIPAA compliant?
No, and be wary of any tool that claims otherwise. Sift Health surfaces publicly observable risk indicators and tells you how to address them. Compliance involves administrative, physical, and technical safeguards far beyond what any external website scan can assess.
What's the Deep Scan add-on?
A one-time purchase: a branded PDF deep-dive of a single scan with every observation, the evidence behind it, and step-by-step remediation. Useful if you need a document to hand to your web vendor or leadership without committing to a subscription.
How does the Agency plan's fair-use cap work?
Agency plans are designed for consultants managing client portfolios — typically dozens of sites. We don't hard-cap at a number; we ask that usage reflect a consulting practice rather than reselling raw scan capacity. If you're pushing serious volume, talk to us about an API arrangement.
Can I cancel anytime?
Yes. Subscriptions are managed through the Stripe customer portal — cancel and you keep access through the end of the billing period. Your scan history remains exportable for 90 days after cancellation.