May 28, 2026
HIPAA breach notification, the 60-day clock and what trips it
When the 60-day breach notification clock actually starts under the HIPAA Breach Notification Rule, the four-factor Risk of Compromise analysis and the timing failures that turn an incident into an OCR enforcement action.
May 27, 2026
HIPAA risk analysis vs risk assessment, what OCR actually scores
Why HHS Office for Civil Rights settlements keep citing the same Security Rule risk analysis failure, and how the formal risk analysis differs from the general risk assessments most practices think satisfy it.
April 20, 2026
Medical practice IT, HIPAA safeguards in 60 to 90 days
A practical 60 to 90 day plan for medical practices to bring HIPAA Security Rule safeguards to a defensible baseline, from risk analysis to access controls to incident response.
April 20, 2026
IT for senior-care operators, HIPAA, multi-site and the state inspection
The practical IT and cybersecurity workload a multi-site senior-care operator carries, from HIPAA safeguards to the state inspection readiness the corporate office rarely thinks about.
April 19, 2026
HIPAA for business associates, what's in a BAA and what's not
What a Business Associate Agreement actually commits a vendor to, where the common misreadings surface and how a BA should build the program the BAA promises.