hipaa
Safeguard articles tagged "hipaa" — guides, analysis, and best practices for software supply chain and application security.
29 articles
Security compliance frameworks cheat sheet: SOC 2, ISO 27001, PCI DSS, HIPAA
SOC 2, ISO 27001, PCI DSS 4.0, and HIPAA share roughly the same engineering controls — build them once and stop re-implementing access control four times.
What healthtech AppSec needs beyond generic security practices
242.9 million records were exposed in 2024 HIPAA breaches. Generic AppSec checklists don't satisfy FDA premarket SBOM rules or a pending HIPAA rewrite.
A HIPAA technical safeguards checklist for application security teams
HHS reported 663 large healthcare breaches in 2024 exposing 242.9M records. Here's how §164.312's technical safeguards map to concrete app-sec controls.
The HIPAA Security Rule for Software Teams: Safeguards, Structure, and Change Ahead
The HIPAA Security Rule is technology-neutral by design, but its administrative, physical, and technical safeguards translate into concrete engineering work. Here's how the rule is structured and how a proposed 2025 overhaul could tighten it.
HIPAA compliance for developers: securing the software supply chain
HIPAA does not name your open source dependencies, but its Security Rule holds you responsible for them. Here's what developers building health-tech actually need to do.
Software Supply Chain Security for Healthcare
From FDA premarket SBOM requirements to a strengthened HIPAA Security Rule and connected medical devices with decade-long lifecycles, healthcare has a distinct supply chain problem. Here is how to build a program that holds up.
HIPAA Security Rule Update: What the 2026 Final Rule Will Require
HHS published the HIPAA Security Rule NPRM in January 2025. Finalization is on the agenda for 2026. Covered entities and business associates need to start work now.
NYC Health + Hospitals Vendor Breach: 1.8 Million Records, Including Biometrics, Exposed (May 2026)
A months-long intrusion through a third-party vendor exposed medical records, government IDs, geolocation, and fingerprint and palm-print biometrics for at least 1.8 million people at the largest U.S. public health system. We unpack the dwell time and the third-party blast radius.
Does AI pentesting satisfy SOC 2, ISO 27001, HIPAA or PCI...
AI-powered pentesting promises fast compliance checkmarks, but SOC 2, ISO 27001, HIPAA, and PCI DSS 4.0 auditors require more than an automated scan report.
HIPAA vs SOC 2: do you need both?
SOC 2 and HIPAA solve different problems. Here's what compliance automation platforms like Drata cover, where the software supply chain evidence gap remains, and how to close it.
HIPAA vs GDPR key differences
HIPAA and GDPR differ in scope, breach timelines, and enforcement. We break down both laws and where compliance automation and supply chain security tools each fit.
Software Supply Chain Security for Healthcare (HIPAA) 2026
Software supply chain security for healthcare in 2026 means the new HIPAA Security Rule, 405(d) practices, and FDA postmarket expectations converging on SBOM.