HIPAA Insider

Filling out a security questionnaire doesn’t mean you’re secure.In healthcare and digital health, startups often spend weeks checking “Yes” on 300-row spreadsheets — believing that equals compliance. But enterprise buyers are looking for something very different: proof of security maturity.In this episode of the HIPAA Insider Show, Adam Z. sits down with Larry Trotter II, Founder of Inherent Security, to unpack:Why “HIPAA Compliant” tech still fails enterprise security reviewsThe dangerous gap between questionnaire responses and operational realityWhat healthcare buyers are actually evaluatingWhy checkbox compliance silently kills dealsHow to demonstrate real security maturityIf you sell into healthcare, this episode may explain why deals stall — even when you answered every question correctly.Connect with Larry Trotter II:https://www.linkedin.com/in/larry-trotter-iiInherent Security:https://www.inherentsecurity.com/Learn more about HIPAA-compliant infrastructure:https://www.hipaavault.com/?utm_source=spotify&utm_medium=podcast&utm_campaign=larry-trotter-iiInterested in being a guest on the HIPAA Insider Show?https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=larry-trotter-ii

Your health data may be for sale — without you ever knowing.In this episode of the HIPAA Insider Show, we uncover the invisible industry of health data brokers and how so-called “de-identified” medical records are legally sold to advertisers, insurers, and third parties.Host Adam Z. is joined by Dr. Edward Sharpless, Co-Founder of HealthConsent, to discuss:How health data is monetized behind the scenesWhy “de-identified” doesn’t always mean anonymousThe loopholes in U.S. health privacy lawsWhere HIPAA protections stopHow individuals and employees can automate their privacy rights and opt out of data salesThis episode is essential listening for anyone concerned about medical data privacy, patient rights, and who truly controls health information in the U.S.Learn more about HealthConsent:https://myhealthconsent.orgLearn more about HIPAA Vault:https://www.hipaavault.com/?utm_source=spotify&utm_medium=podcast&utm_campaign=health_dataInterested in being a guest on the HIPAA Insider Show?https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=health_data

Collecting patient data shouldn’t be expensive or complicated.In this episode of the HIPAA Insider Show, Adam is joined by HIPAA Vault CEO Gil Vidals to unveil the new HIPAA Forms & Workflow product—built to simplify secure patient intake from start to finish.We break down how healthcare organizations can:Build HIPAA-compliant online forms with drag-and-drop simplicityEliminate per-user and per-submission feesUse unlimited users and unlimited submissionsSecure PHI with encryption and a signed Business Associate Agreement (BAA)Create a fully compliant patient intake lifecycle without technical headachesIf your organization collects patient intake forms, registrations, or any PHI online, this episode shows how to do it securely, affordably, and at scale.Learn more about HIPAA Forms by HIPAA Vault:https://www.hipaavault.com/hipaa-compliant-forms/?utm_source=spotify&utm_medium=podcast&utm_campaign=hipaa_formsWant to be a guest on the HIPAA Insider Show?https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=hipaa_forms

In this episode of the HIPAA Insider Show, Adam Z. and HIPAA Vault CEO Gil Vidals revisit one of the most common — and most misunderstood — questions in healthcare IT: using WordPress in a HIPAA-regulated environment.With upcoming 2026 HIPAA Security Rule updates making safeguards mandatory and enforcement stricter, we break down what has fundamentally changed and what core compliance principles still matter for healthcare organizations and business associates using WordPress.You’ll learn:What the 2026 HIPAA updates mean for WordPress websitesWhy Multi-Factor Authentication (MFA) and encryption at rest are no longer optionalHow mandatory security testing impacts healthcare websitesCommon WordPress compliance mistakes that lead to breachesWhy your hosting provider is the foundation of HIPAA complianceIf your organization uses WordPress for patient intake forms, portals, or healthcare marketing, this episode will help you avoid costly compliance gaps and future enforcement risks.Learn more about HIPAA-compliant hosting with HIPAA Vault:https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=wordpress2026Interested in being a guest on the HIPAA Insider Show?https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=wordpress2026

AI is transforming healthcare — but can tools like ChatGPT, Claude, and Gemini truly handle patient data safely?In this week’s HIPAA Insider Show, Adam puts the biggest AI chatbots to the test with a live compliance experiment, asking them directly about their HIPAA readiness. The results? Eye-opening.You’ll learn:What AI chatbots say about their own HIPAA complianceWhy the Business Associate Agreement (BAA) is non-negotiableThe HIPAA AI Checklist every organization must follow after signing a BAAHow administrative safeguards make AI both secure and compliantWhy HIPAA-compliant AI platforms in 2025 are now within reach for all healthcare organizationsIf you’re exploring AI for healthcare operations or patient interaction, this episode is a must-listen.Learn more about HIPAA Vault:https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode96Become a podcast guest:https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode96

One missing laptop. Millions in penalties.In this episode of the HIPAA Insider Show, Adam and Gil examine one of the most costly HIPAA violations in recent years — the $3.9 million fine issued to the Feinstein Institutes for Medical Research after a stolen, unencrypted laptop exposed sensitive patient data.They break down:How a single stolen device triggered a massive HIPAA fineWhat security safeguards were missingHow HIPAA compliance could have prevented this breachThe critical role of HIPAA-compliant cloud hosting in protecting PHIWhat your organization can do to avoid similar fines and enforcement actionsIf you’ve ever thought, “It won’t happen to us,” this episode will make you think twice — and show you how to protect your organization from becoming the next headline.Learn more about HIPAA Vault:https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode94Become a podcast guest:

From free scans to pen tests — Adam Z. and Henri Alfonso explain the different types of vulnerability scans and how they impact your security. Not all vulnerability scans are created equal. From free URL-based checks to full-scale penetration tests, knowing the difference is key to strengthening your security posture.In this episode of the HIPAA Insider Show, Adam Z. and HIPAA Vault’s expert Henri Alfonso break down:The main types of vulnerability scans and what they revealHow application and system scans differWhen to use vulnerability scanning tools vs. penetration testingWhy choosing the right scan matters for HIPAA compliance and protecting patient dataIf you’ve ever wondered whether your scans are leaving gaps, this episode will give you the clarity to make better security decisions.Learn more about HIPAA Vault:https://www.hipaavault.com/hipaa-hosting-solutions/Become a podcast guest:https://www.hipaavault.com/podcast-guest/