Safeguard
Tag

hipaa

Safeguard articles tagged "hipaa" — guides, analysis, and best practices for software supply chain and application security.

29 articles

Compliance & Frameworks

Security compliance frameworks cheat sheet: SOC 2, ISO 27001, PCI DSS, HIPAA

SOC 2, ISO 27001, PCI DSS 4.0, and HIPAA share roughly the same engineering controls — build them once and stop re-implementing access control four times.

Jul 13, 20267 min read
Compliance & Frameworks

What healthtech AppSec needs beyond generic security practices

242.9 million records were exposed in 2024 HIPAA breaches. Generic AppSec checklists don't satisfy FDA premarket SBOM rules or a pending HIPAA rewrite.

Jul 10, 20266 min read
Compliance & Frameworks

A HIPAA technical safeguards checklist for application security teams

HHS reported 663 large healthcare breaches in 2024 exposing 242.9M records. Here's how §164.312's technical safeguards map to concrete app-sec controls.

Jul 9, 20267 min read
Compliance

The HIPAA Security Rule for Software Teams: Safeguards, Structure, and Change Ahead

The HIPAA Security Rule is technology-neutral by design, but its administrative, physical, and technical safeguards translate into concrete engineering work. Here's how the rule is structured and how a proposed 2025 overhaul could tighten it.

Jul 4, 20266 min read
Compliance

HIPAA compliance for developers: securing the software supply chain

HIPAA does not name your open source dependencies, but its Security Rule holds you responsible for them. Here's what developers building health-tech actually need to do.

Jul 2, 20266 min read
Solutions

Software Supply Chain Security for Healthcare

From FDA premarket SBOM requirements to a strengthened HIPAA Security Rule and connected medical devices with decade-long lifecycles, healthcare has a distinct supply chain problem. Here is how to build a program that holds up.

Jul 2, 20266 min read
Compliance

HIPAA Security Rule Update: What the 2026 Final Rule Will Require

HHS published the HIPAA Security Rule NPRM in January 2025. Finalization is on the agenda for 2026. Covered entities and business associates need to start work now.

May 20, 20266 min read
Healthcare Security

NYC Health + Hospitals Vendor Breach: 1.8 Million Records, Including Biometrics, Exposed (May 2026)

A months-long intrusion through a third-party vendor exposed medical records, government IDs, geolocation, and fingerprint and palm-print biometrics for at least 1.8 million people at the largest U.S. public health system. We unpack the dwell time and the third-party blast radius.

May 19, 202613 min read
Compliance

Does AI pentesting satisfy SOC 2, ISO 27001, HIPAA or PCI...

AI-powered pentesting promises fast compliance checkmarks, but SOC 2, ISO 27001, HIPAA, and PCI DSS 4.0 auditors require more than an automated scan report.

May 4, 20267 min read
Regulatory Compliance

HIPAA vs SOC 2: do you need both?

SOC 2 and HIPAA solve different problems. Here's what compliance automation platforms like Drata cover, where the software supply chain evidence gap remains, and how to close it.

Mar 18, 20269 min read
Regulatory Compliance

HIPAA vs GDPR key differences

HIPAA and GDPR differ in scope, breach timelines, and enforcement. We break down both laws and where compliance automation and supply chain security tools each fit.

Mar 10, 20268 min read
Compliance

Software Supply Chain Security for Healthcare (HIPAA) 2026

Software supply chain security for healthcare in 2026 means the new HIPAA Security Rule, 405(d) practices, and FDA postmarket expectations converging on SBOM.

Mar 9, 20267 min read
hipaa — Safeguard Blog