hipaa
Safeguard articles tagged "hipaa" — guides, analysis, and best practices for software supply chain and application security.
29 articles
HIPAA and the Software Supply Chain in 2026
The HIPAA Security Rule has not changed, but OCR enforcement and the 2024 NPRM are reshaping what supply chain controls covered entities and business associates must demonstrate.
HIPAA Supply Chain Controls: Griffin AI vs Mythos
HIPAA's software supply chain expectations have sharpened in 2025-2026. Evidence generation is the difference between passing an audit and rerunning it.
Healthcare Supply Chain Security Baseline for 2026
What hospitals and payers should actually require from their software vendors in 2026: HIPAA-aligned controls, SBOM expectations, and the threats now hitting clinical environments.
A Healthcare System's Self-Healing Container Rollout
An anonymized account of how a regional North American healthcare system deployed Safeguard's self-healing container base images across 600+ workloads.
The HIPAA Security Rule Update and Your Supply Chain
HHS's December 2024 NPRM rewrites the HIPAA Security Rule with explicit software supply chain, SBOM, and business associate controls set to take effect in 2025 and 2026.
HIPAA Security Rule NPRM: Encryption, MFA, and the End of 'Addressable'
OCR's December 27, 2024 NPRM removes the addressable/required distinction and mandates encryption, MFA, semi-annual vulnerability scans, and annual penetration tests for ePHI.
UnitedHealth Change Healthcare: 190 Million Update and the Long Tail
In January 2025 UnitedHealth revised the Change Healthcare breach count to 190 million people, the largest HIPAA breach in US history. We unpack what changed and the supply-chain lessons that still apply.
Digital Health HIPAA Supply Chain Intersection
Digital health startups collide with HIPAA obligations as soon as they touch clinical data. A regulatory map of the supply chain choke points.
EHR System Dependency Governance
Electronic Health Record platforms carry decades of transitive dependencies. A practical governance model for hospitals, vendors, and compliance officers.
INC Ransom: Inside the Group Targeting Healthcare Infrastructure
INC Ransom has made healthcare a primary target, exploiting the sector's unique vulnerabilities and urgency. A deep dive into their operations and what healthcare security teams should prioritize.
Telemedicine Supply Chain Privacy and Security
Telehealth platforms depend on video SDKs, third-party transcription, and mobile frameworks. A regulatory walkthrough for HIPAA-covered virtual care.
HIPAA and Third-Party Software Components: A Developer Guide
HIPAA never mentions npm, but a vulnerable dependency in an ePHI system is a Security Rule problem. How risk analysis, patching, and BAAs map to your dependency tree.