Safeguard
Tag

hipaa

Safeguard articles tagged "hipaa" — guides, analysis, and best practices for software supply chain and application security.

29 articles

Regulatory Compliance

HIPAA and the Software Supply Chain in 2026

The HIPAA Security Rule has not changed, but OCR enforcement and the 2024 NPRM are reshaping what supply chain controls covered entities and business associates must demonstrate.

Mar 3, 20265 min read
AI Security

HIPAA Supply Chain Controls: Griffin AI vs Mythos

HIPAA's software supply chain expectations have sharpened in 2025-2026. Evidence generation is the difference between passing an audit and rerunning it.

Feb 22, 20265 min read
Industry Analysis

Healthcare Supply Chain Security Baseline for 2026

What hospitals and payers should actually require from their software vendors in 2026: HIPAA-aligned controls, SBOM expectations, and the threats now hitting clinical environments.

Feb 11, 20266 min read
Case Studies

A Healthcare System's Self-Healing Container Rollout

An anonymized account of how a regional North American healthcare system deployed Safeguard's self-healing container base images across 600+ workloads.

Jan 22, 20267 min read
Regulatory Compliance

The HIPAA Security Rule Update and Your Supply Chain

HHS's December 2024 NPRM rewrites the HIPAA Security Rule with explicit software supply chain, SBOM, and business associate controls set to take effect in 2025 and 2026.

Sep 15, 20255 min read
Regulation

HIPAA Security Rule NPRM: Encryption, MFA, and the End of 'Addressable'

OCR's December 27, 2024 NPRM removes the addressable/required distinction and mandates encryption, MFA, semi-annual vulnerability scans, and annual penetration tests for ePHI.

Feb 25, 20256 min read
Incident Analysis

UnitedHealth Change Healthcare: 190 Million Update and the Long Tail

In January 2025 UnitedHealth revised the Change Healthcare breach count to 190 million people, the largest HIPAA breach in US history. We unpack what changed and the supply-chain lessons that still apply.

Feb 4, 20257 min read
Regulatory Compliance

Digital Health HIPAA Supply Chain Intersection

Digital health startups collide with HIPAA obligations as soon as they touch clinical data. A regulatory map of the supply chain choke points.

Dec 22, 20247 min read
Best Practices

EHR System Dependency Governance

Electronic Health Record platforms carry decades of transitive dependencies. A practical governance model for hospitals, vendors, and compliance officers.

Oct 28, 20246 min read
Threat Intelligence

INC Ransom: Inside the Group Targeting Healthcare Infrastructure

INC Ransom has made healthcare a primary target, exploiting the sector's unique vulnerabilities and urgency. A deep dive into their operations and what healthcare security teams should prioritize.

Sep 15, 20246 min read
Regulatory Compliance

Telemedicine Supply Chain Privacy and Security

Telehealth platforms depend on video SDKs, third-party transcription, and mobile frameworks. A regulatory walkthrough for HIPAA-covered virtual care.

Aug 20, 20247 min read
Compliance

HIPAA and Third-Party Software Components: A Developer Guide

HIPAA never mentions npm, but a vulnerable dependency in an ePHI system is a Security Rule problem. How risk analysis, patching, and BAAs map to your dependency tree.

Jun 23, 20246 min read
hipaa (Page 2) — Safeguard Blog