About CoreFolio
Built by a team that understands what’s at stake.
CoreFolio exists because small practices deserve the same quality of compliance documentation that well-resourced health systems take for granted — and a guided path to build and maintain it themselves, step by step, without needing dedicated compliance staff to start.
Founder

Melanie B. Brewer
Ph.D., MSHFID
Founder, CoreFolio
Science-trained. Healthcare-native. UX-obsessed.
I spent the first chapter of my career as a research scientist — a Ph.D. in molecular and structural biology from UCLA, followed by postdoctoral fellowships at Caltech and U Penn, where I worked on human disease proteins. From there I moved into applied healthcare research: nearly a decade as a project manager and UX designer at UCSF.
When I transitioned into product and UX design for life sciences, I brought that institutional knowledge with me. I completed a master’s in Human Factors in Information Design at Bentley University and spent 12+ years at the world’s largest contract research organization, IQVIA, and in consulting, building products for quality management, regulatory affairs, and clinical trials. I have 26 peer-reviewed publications in journals including Nature and Cell, a U.S. patent, and a pair of IQVIA impact awards. I hold HIPAA privacy certification through the CITI Program and am a member of the Health Care Compliance Association (HCCA).
CoreFolio came out of a simple observation: the small independent practices I saw navigating HIPAA documentation — often without dedicated compliance staff — were working from the same undifferentiated checklists as large health systems. The burden was identical; the resources were not. CoreFolio is the product I would have wanted those practices to have. It is calibrated to the actual enforcement record, built on primary-source citations, and designed to walk a practice owner through every required document step by step — producing a file defensible enough to hand to counsel or a HIPAA consultant when they want one.
Ph.D., Molecular & Structural Biology
University of California, Los Angeles
M.S., Human Factors in Information Design
Bentley University — with High Distinction
B.A., Physics
Reed College
26 peer-reviewed publications
Nature, Cell, and other high-impact journals — h-index 22, 12,000+ citations
1 U.S. patent
Peptide analogues for the treatment of iron overload diseases (IQVIA)
HIPAA privacy certified
Research and HIPAA Privacy Protections — CITI Program
Advisory board
Grounded in practice, not just policy.
CoreFolio is shaped by people who work inside the healthcare system — clinicians, compliance specialists, technologists, and practice operators who understand what documentation looks like in a real practice and what small teams can realistically maintain. Our advisory board is deliberately small and intentionally chosen.
James Gerard Brewer, M.D.
Primary care — clinical advisor
Dr. Brewer is a physician dual-trained in internal medicine and pediatrics, practicing primary care in Santa Barbara since 2002. He runs an independent practice — the kind of setting CoreFolio is built for — and his practice uses CoreFolio and contributes directly to its design from the physician-owner perspective.
Fellow, American Academy of Pediatrics (AAP). Member, American College of Physicians (ACP), California Medical Association (CMA), American Medical Association (AMA). Chair of Pediatrics, Santa Barbara Cottage Hospital, 2023–2025. Distinguished Service Award, Cencal Health.
drjamesbrewer.com
HIPAA compliance & regulatory affairs
Specialist perspective on OCR enforcement patterns, audit-readiness documentation, and how small covered entities navigate the Security and Privacy Rules in practice.
Behavioral health practice
Solo or small-group therapist, psychologist, or psychiatrist perspective on psychotherapy note protections, substance abuse record requirements, and the HIPAA realities of independent mental health practice.
Dental practice
Dental office perspective on ePHI flows through practice management software, radiograph storage, vendor relationships, and the day-to-day compliance realities of an independent or small-group dental practice.
Healthcare IT & security
Managed IT or fractional CISO perspective on the technical safeguards landscape for small practices: EHR configuration, MFA deployment, device management, and the vendor relationships that carry the most security risk.
Healthcare privacy law
Attorney perspective on HIPAA risk analysis obligations, OCR investigation response, and the legal questions that arise when a small practice is working through its Security and Privacy Rule posture.
Practice operations & administration
Office manager or practice administrator perspective on how compliance responsibilities actually get distributed in a small practice — and what documentation and training workflows can realistically be maintained by a non-clinical team.
Ready to run your risk analysis?
The free HIPAA Risk Assessment takes about 60 minutes and runs entirely in your browser. No account required to start.