Perspectives
Practitioner views on what actually matters.
Commentary on HIPAA compliance, AI governance, healthcare cybersecurity, and regulated enterprise strategy. Written from 16+ years inside these programs — not from the outside looking in.
Articles
The 2026 HIPAA Security Rule Update: What Business Associates Need to Do Now
The proposed 2026 HIPAA Security Rule changes are the most significant update to the regulation in over a decade. Encryption and MFA move from addressable to required. Here is what that means for your organization and what you need to do before the finalization deadline.
Read the full article →
Key changes
- Encryption at rest and in transit: addressable → required
- MFA for all systems touching ePHI: addressable → required
- Annual asset inventory now explicitly required
- 72-hour breach notification window (down from 60 days)
- Network segmentation for ePHI systems now addressed
When Does My Health Tech Startup Need a HIPAA Security Risk Assessment?
Most founders think HIPAA compliance begins when they become successful. It begins much earlier — often with a single customer conversation. A practical guide from someone who has completed 900+ SRAs.
Read the full article →
When HIPAA becomes real
- A hospital asks for a pilot — and wants a BAA
- A customer asks where patient data lives and who has access
- Your AI tools are processing clinical notes or records
- You've signed your first Business Associate Agreement
- A Series A investor asks about your compliance program