SEED-luxury-rehab-outreach-playbook

Seed Prompt: Luxury Rehab & Boutique Treatment Center Outreach Playbook

Purpose: Paste this entire file as your opening prompt in a new Claude Code session. Working directory: C:\_my (or C:\_my\_solanasis\solanasis-docs) Delete this file after use — it’s a prompt, not a deliverable.

---

PROMPT START

I need you to create a comprehensive outreach playbook for targeting luxury and boutique residential addiction treatment centers as a national vertical for Solanasis. This is a NATIONAL play — not limited to Colorado. One client win creates referral momentum across the industry. Save the final playbook to:

C:\_my\_solanasis\solanasis-docs\playbooks\Luxury_Rehab_Treatment_Center_Outreach_Playbook_2026.md

Who We Are

Solanasis LLC is a fractional CIO/CSIO/COO consultancy based in Colorado (Boulder/Denver metro). One-person operation (Dmitri Sunshine, CEO) with 1099 contractors. We sell:

• ORB (Operational Resilience Baseline) — 10-day fixed-fee security assessment ($5K-$12.5K)
• Fractional CIO/CSIO retainers ($2.5K-$9K/month)
• Remediation sprints ($9K-$35K)
• DR (Disaster Recovery) verification
• Data migrations, CRM setup, systems integration

We are remote-capable — we do not need to be on-site to deliver assessments. This vertical can be served nationally.

Why Luxury Rehab Centers

Research from a prior session identified luxury/boutique residential treatment centers as the #2 highest-potential underserved segment. Key findings:

The Regulatory Perfect Storm:

• HIPAA applies to all treatment centers that bill insurance or accept Medicare/Medicaid
• 42 CFR Part 2 governs substance use disorder (SUD) records — STRICTER than HIPAA. Requires special consent, prohibits re-disclosure, limits use in legal proceedings
• The 42 CFR Part 2 compliance deadline passed on February 16, 2026 — just weeks ago. Part 2 is now aligned with HIPAA and enforced by OCR (Office for Civil Rights) with civil money penalties. Anyone can file a complaint. Most small treatment centers don’t know they’re exposed.
• Proposed HIPAA Security Rule overhaul expected to finalize mid-2026: eliminates the “addressable” vs. “required” distinction (everything becomes mandatory), requires MFA on all systems touching ePHI, requires encryption at rest AND in transit, 180-day compliance window after finalization
• Joint Commission accreditation requirements (for accredited facilities)

The Luxury Angle — Why This Sub-Segment Specifically:

• Luxury centers charge $30K-$75K/month (some $100K+). Clients are wealthy, high-profile, often public figures.
• Discretion IS the product. If a celebrity or executive’s treatment records leak, it’s not just a HIPAA fine — it’s a business-ending reputational catastrophe.
• These facilities invest heavily in physical amenities (private suites, chefs, equine therapy) but typically underinvest in IT security. The gap between “we promise discretion” and “our IT systems actually protect your data” is enormous.
• Small teams (15-60 employees). Owner-operators or small ownership groups. No internal IT department.
• Wealthy owners who can afford to pay for quality services. Not budget-constrained like community health centers.

Vendor Gap:

• Clinical compliance consultants exist (they help with state licensing, Joint Commission, clinical protocols) but they do NOT touch IT security.
• MSPs serve some facilities but few understand the intersection of HIPAA + 42 CFR Part 2 + luxury discretion requirements.
• Almost nobody is positioning as “the cybersecurity firm that protects your clients’ privacy at the IT level.”
• SaaS EHR vendors (Kipu Health, Sunwave, BestNotes, Alleva) handle clinical records but don’t assess the facility’s overall security posture.

Market Characteristics:

• This is a NATIONAL market. Luxury rehab centers cluster in: Southern California (Malibu, Newport Beach, San Diego), Arizona (Scottsdale, Sedona), Florida (Palm Beach, Delray Beach, South Florida), Colorado (Boulder, Vail area), Utah, Hawaii, Connecticut, and New York/Hamptons.
• The market is small enough to be knowable (estimated 200-500 true luxury/boutique residential centers nationally) but large enough to build a vertical practice.
• High client lifetime value: assessment → remediation → ongoing retainer. One facility could be $50K-$100K+ over 2 years.
• Strong referral dynamics: luxury rehab owners know each other. Conference circuit is tight. One happy client opens doors.

What I Need in the Playbook

Section 1: Total Addressable Market (TAM) — This Is Critical

Build the most complete picture possible of the national luxury/boutique residential treatment center market:

• How many exist in the US? Where are they concentrated geographically?
• What defines “luxury” vs. standard residential treatment? (Price point, amenities, bed count, accreditation, clientele?)
• Key clusters/geographies ranked by concentration
• How to find them ALL — not just the famous ones. Sources to compile a master list:
  • SAMHSA treatment locator (samhsa.gov) — can we filter for residential + private pay?
  • State licensing databases (which states have the most?)
  • Industry directories (NAATP — National Association of Addiction Treatment Providers, LuxuryRehabs.com, etc.)
  • Google/search strategies to find unlisted/discreet facilities
  • Apollo.io search strategies (filters, keywords, industry codes)
  • LinkedIn search strategies
  • Insurance network directories (luxury centers are often out-of-network, but some accept PPO)
• Provide a concrete action plan for building a master prospect list of 200-500 luxury rehab centers with owner/decision-maker contact info

Section 2: Segment Profile

• Who owns these facilities? (Clinician-entrepreneurs? Investors? PE-backed groups? Recovery advocates who built a business?)
• Decision maker personas: Owner, CEO, Clinical Director, Operations Director, Compliance Officer
• Who actually makes IT/security purchasing decisions? Who influences?
• Organizational structure (clinical staff, admin, marketing, admissions — who’s who?)
• Their tech stack: EHR systems (Kipu, Sunwave, BestNotes, Alleva, others?), billing software, CRM/admissions software, telehealth platforms, communication tools
• Their existing vendor relationships: clinical compliance consultants, EHR vendors, insurance billers, marketing agencies (rehab marketing is a huge industry), MSPs if any
• How do they currently handle IT? (internal staff, MSP, nothing, the owner’s nephew?)

Section 3: Pain Points & Service Mapping

Map every pain point to a specific Solanasis service offering:

• 42 CFR Part 2 compliance gap — What specific IT controls does Part 2 require now that it’s aligned with HIPAA? What does a Part 2 IT readiness assessment look like?
• HIPAA Security Rule compliance — Current requirements + how to prepare for the upcoming overhaul
• Client data discretion audit — Beyond compliance: can their systems actually deliver on the discretion promise? (Think: who has access to client records? Can a marketing employee see clinical data? Are text messages with clients encrypted? Is the Wi-Fi network segmented? Can a disgruntled employee exfiltrate the client list?)
• Wire fraud / BEC risk — Treatment centers process large payments ($30K-$75K). Wire fraud and business email compromise target these transactions.
• Vendor security assessment — Their EHR vendor, billing company, marketing agency all have access to client data. Who’s vetting them?
• Incident response planning — Part 2 now requires breach notification procedures. Do they have a plan?
• Cyber insurance readiness — Are they insured? Can they pass a cyber insurance questionnaire?
• Staff training — Clinical staff handle sensitive data daily. What’s their security awareness?

For each pain point:

• What Solanasis service maps to it (ORB, remediation sprint, retainer, training)
• What the specific deliverable looks like
• Pricing guidance
• How to talk about it in non-technical, non-scary language (these are clinicians, not IT people)

Section 4: Customized ORB for Luxury Rehab

Design the title-specific version of our 10-day ORB assessment:

• Day-by-day outline of what the assessment covers
• Specific assessment areas for a treatment center (EHR security, network segmentation, physical access controls, staff access management, vendor review, backup/DR, Part 2 compliance controls, incident response readiness)
• What the deliverable report looks like (table of contents, executive summary structure, findings format)
• What makes this different from a generic security assessment (Part 2 expertise, discretion focus, understanding of clinical workflows)
• Pricing strategy: is $12.5Ktherightpricepointforaluxuryfacilitythatcharges$50K/month? Or should we price higher given the clientele?
• Upsell path: assessment → remediation → ongoing retainer → annual reassessment

Section 5: Pitch Deck Outline

Full slide-by-slide outline for a luxury-rehab-specific pitch deck:

• Opening hook (emotional — client data exposure scenario)
• The regulatory landscape (Part 2 + HIPAA + upcoming changes)
• Industry-specific statistics (breaches in healthcare, treatment center-specific if available)
• The discretion gap (“Your clients pay for privacy. Can your IT deliver?“)
• What we assess (visual overview of scope)
• Case study format (even if hypothetical for now — “what we typically find”)
• The deliverable (sample report structure)
• Pricing and engagement options
• Why Solanasis (remote delivery, HIPAA/Part 2 expertise positioning, independence from their EHR vendor)
• Call-to-action
• Detailed enough to build in Canva

Section 6: Apollo.io + Multi-Source Prospecting Guide

This is a national play, so we need to go beyond Apollo:

• Apollo.io search filters for finding rehab/treatment center decision makers nationally
  • Which industries, keywords, title filters work?
  • How to filter for luxury/boutique (vs. community health centers, methadone clinics, etc.)
  • State-by-state targeting strategy (start with highest-concentration states)
• LinkedIn Sales Navigator search strategies (if we have access)
• SAMHSA directory scraping/export strategy — can we get a structured dataset?
• State licensing database strategies for key states (CA, FL, AZ, CO, UT, CT, NY)
• NAATP member directory as a source
• Google search operators for finding luxury rehab centers
• How to build and maintain the master prospect list
• Apollo sequence template (5-step, rehab-specific)
• Credit-efficient strategy: Since Apollo free plan has 10 export credits/month, how to maximize value — use Apollo for search/discovery, manually research the top prospects, reserve exports for the cream

Section 7: Outreach Messaging

• Cold email templates (3-4 variants) — must be tasteful. These are healthcare providers dealing with vulnerable populations. No fear-mongering about patients. Lead with regulatory compliance and business protection, not “your patients’ data could leak.”
• LinkedIn connection request + follow-up messages
• Phone script (warm, consultative tone)
• One-pager content outline (PDF leave-behind)
• Subject lines ranked by expected open rate
• Tone guidance: Professional, compliance-focused, empathetic. NOT the aggressive “wire fraud will kill your business” tone we use for title companies. These are people who went into healthcare to help people. Speak their language.

Section 8: Competitive Landscape

• Who else is selling IT security services to treatment centers?
• Are there HIPAA compliance firms that specialize in behavioral health/SUD treatment?
• How do we differentiate from generic HIPAA compliance consultants?
• What’s the difference between what we offer and what their EHR vendor provides?
• Is there anyone else positioning at the intersection of 42 CFR Part 2 + IT security? (This is likely our unique differentiator)

Section 9: Sales Process & Timeline

• National sales process (we’re remote — how does this work?)
  • Discovery call structure
  • Proposal format
  • How to handle the “can you do this remotely?” objection
  • How to handle the “we already have an IT guy” objection
  • How to handle the “we passed our last HIPAA audit” objection
• Expected timeline from first contact to signed deal
• Referral strategy: how to turn one happy client into 3-5 more
• Industry conference / association strategy (NAATP, state associations, recovery industry events)
• Content marketing angle: should we publish thought leadership on Part 2 compliance for treatment centers?

Section 10: Success Metrics & Go-to-Market Timeline

• 30/60/90 day milestones
• How many facilities to contact per week
• Expected response and conversion rates for this niche
• Revenue targets for this vertical
• When to invest in paid Apollo / paid LinkedIn Sales Nav for this vertical
• Decision point: at what point do we brand a sub-offering? (e.g., “Solanasis Recovery Security” or similar)

Existing Files to Reference

Read these for context, voice, and frameworks. DO NOT duplicate — reference and extend:

• Master GTM Playbook: C:\_my\_solanasis\solanasis-docs\playbooks\Solanasis_Master_GTM_Playbook_2026.md
• Cold Email Master Playbook: C:\_my\_solanasis\solanasis-docs\playbooks\solanasis-cold-email-outbound-master-playbook-2026.md
• Apollo Cheat Sheets: C:\_my\_solanasis\solanasis-docs\playbooks\apollo-io-cheat-sheets-2026-03-25.md
• Apollo Evaluation Plan: C:\_my\_solanasis\solanasis-docs\playbooks\deep-plan-apollo-evaluation-outreach-2026-03-25.md
• Brand Voice: C:\_my\_solanasis\solanasis-docs\solanasis-voice-profile.md
• Outreach Options: C:\_my\_solanasis\solanasis-docs\playbooks\outreach-options-march-2026.md
• ORB Pack v2: C:\_my\_solanasis\solanasis-docs\playbooks\solanasis_orb_pack_v2\ — the ORB delivery system
• CLAUDE.md (repo): C:\_my\_solanasis\solanasis-docs\CLAUDE.md
• Title Company Playbook (companion): C:\_my\_solanasis\solanasis-docs\playbooks\Title_Company_Escrow_Outreach_Playbook_2026.md — if it exists by the time you run this, reference it for structural consistency

Research You MUST Do

Use WebSearch and the research-agent extensively. This vertical requires deep domain knowledge:

• 42 CFR Part 2 IT requirements — What specific technical controls does Part 2 now require? What changed with the February 2026 alignment with HIPAA? What does OCR enforcement look like?
• HIPAA Security Rule for behavioral health — Current requirements + proposed 2026 overhaul specifics
• Luxury rehab facility directories — SAMHSA locator, NAATP, LuxuryRehabs.com, Psychology Today treatment directory. How many results? Can we get structured data?
• Geographic concentration — Which states have the most luxury residential facilities? Licensing requirements by state.
• EHR market for treatment centers — Kipu Health, Sunwave Health, BestNotes, Alleva, others? Market share? What security do they provide vs. what’s the facility’s responsibility?
• Rehab industry conferences and associations — NAATP (National Association of Addiction Treatment Providers), state-level associations, recovery industry events. Where do these owners gather?
• Treatment center breaches / enforcement actions — Any OCR enforcement actions against SUD treatment providers? Any publicized breaches? These go in the pitch deck.
• Luxury rehab marketing agencies — Companies like DISA, Behavioral Health Network Resources, etc. that serve this niche. Could they be referral partners?
• Private equity in behavioral health — 56 PE deals in behavioral health in 2025 alone. Which PE firms own luxury centers? How does PE ownership change the buying process?
• Typical IT maturity — What does IT usually look like at a 20-40 person treatment center? What are the common gaps?

Tone & Format

• Professional, compliance-focused, empathetic. These are healthcare providers, not real estate agents.
• The pitch is “protect your clients and your license” not “you’re going to get hacked”
• Actionable checklists over academic analysis
• Include actual copy (emails, scripts, one-pager content) — not placeholders
• Tables for comparisons, bullet points for lists
• Obsidian-compatible markdown (no MDX)

Planning Approach

This is a complex deliverable. Use /deep-plan to plan your approach before writing. The final playbook should be one comprehensive file. If the TAM research is extensive enough, it can be a companion file:

C:\_my\_solanasis\solanasis-docs\playbooks\Luxury_Rehab_TAM_Research_2026.md

After Writing

Run the senior-reviewer agent on the finished playbook — this is a strategic deliverable targeting a new national vertical.

PROMPT END