Do you mean the actual HIPAA Privacy Plan, Notice of HIPAA Privacy that goes to the patient? Is this a new provider because this was something required years ago, OR do you mean a new HIPAA compliance plan to reflect the update of final rules/HITECH? In my consulting I do this but it requires being in-house during the creation of those policies to assess privacy and security through the office/staff, etc.