Every AXIS CloudSync article, professionally narrated by Brian. Listen while you commute, download for offline access, or catch up on what changed this week — no reading required.
Showing 71 of 71 episodes · 306 min total
42 CFR Part 2 governs substance use disorder records with stricter protections than HIPAA. Learn what the 2024 amendments changed and what your cloud storage must do to comply.
Most BAAs are boilerplate. Here's what the gaps look like in practice — and what to add before your next renewal.
HIPAA gets all the attention, but it's far from the only regulation that mandates secure, auditable cloud storage. Six industries that need it most.
The HIPAA Security Rule is getting its most significant overhaul in more than two decades — and the compliance window is shorter than most organizations realize.
OCR has now settled or imposed civil monetary penalties in more than 50 cases under its risk analysis enforcement initiative, with fines ranging from $10,000 to $1.9 million.
When a healthcare organization says their cloud storage is 'HIPAA compliant,' what does that actually mean? Five critical mistakes to avoid.
Everything healthcare organizations, covered entities, and business associates need to know about storing PHI in the cloud — updated for 2026.
OCR's HIPAA Risk Analysis Initiative is no longer a warning shot — it's an active enforcement campaign with real penalties.
Two settlements in early 2026 make the financial case for proactive risk analysis clearer than ever.
Occupational health clinics operate at the intersection of HIPAA, OSHA, and employer reporting — a compliance triple threat.
April 2026 ransomware attacks hit multiple healthcare organizations. OCR's response signals a new enforcement posture.
OCR's risk analysis enforcement initiative is accelerating. Here's exactly what's required and how to document it.
A deep look at OCR's enforcement patterns and what organizations need to do to avoid becoming the next case study.
The pattern in OCR enforcement is clear: organizations that skip or superficially complete risk analyses are the ones paying penalties.
The 2026 HIPAA Security Rule updates make encryption and MFA mandatory. A detailed breakdown of what changes are required.
A checklist approach to evaluating whether your cloud storage vendor truly meets HIPAA requirements.
A comprehensive checklist for HIPAA compliance covering administrative, physical, and technical safeguards.
Practical, actionable HIPAA compliance guidance for organizations without large compliance teams.
HR departments handle employee health information that falls under HIPAA. Here's what compliance looks like in practice.
A detailed look at the gaps in standard BAA language and the clauses that actually protect your organization.
OCR's record-breaking year for HIPAA enforcement: the numbers, the cases, and what they signal for 2026.
A detailed breakdown of the OCR enforcement action, the violations found, and what other organizations can learn.
The settlement details, the breach that triggered it, and the corrective action plan OCR required.
The largest HIPAA settlement in history: what happened, why it happened, and what it means for covered entities.
OCR's enforcement of patient right of access: the Concentra case and its implications for healthcare organizations.
A pain management clinic's HIPAA penalty and the compliance failures that led to it.
How a medical supply company's breach led to a $3 million settlement and what the corrective action plan required.
A diagnostic imaging company's $3 million HIPAA penalty: the violations, the investigation, and the outcome.
When multiple smaller breaches compound into a major enforcement action — the case that changed how OCR investigates repeat violations.
A smaller settlement with significant lessons about right of access enforcement and documentation requirements.
Physical safeguard failures and their financial consequences — a case study in what 'reasonable safeguards' actually means.
A physicians group's HIPAA penalty and the risk analysis failures at the center of the enforcement action.
When an EHR vendor's data practices led to a landmark settlement — and what it means for healthcare technology contracts.
A dental software company's breach affecting 1.5 million patients — the technical failures and regulatory response.
How a major children's hospital's failure to implement MFA led to a significant breach and enforcement action.
A roundup of major healthcare data breaches and the patterns that connect them.
A mental health provider's data breach and the unique compliance obligations for behavioral health organizations.
Physical disposal failures and HIPAA: what this case means for practices that handle paper records.
HIPAA liability survives practice closure — what former providers need to know about ongoing obligations.
A real-world ransomware incident at a dental practice: what happened, what it cost, and how it could have been prevented.
The FBI's Maze ransomware alert: what the threat is, who it targets, and what healthcare organizations need to do.
Texas healthcare organizations face an outsized ransomware threat. The data, the patterns, and what to do about it.
A pediatric practice's ransomware attack: the breach notification, the regulatory response, and the lessons learned.
The 3-2-1 backup rule was solid advice in 2005. In 2026, ransomware has made it insufficient on its own.
An expanded look at modern backup strategy for organizations that have outgrown the classic 3-2-1 approach.
Recovery Time Objective and Recovery Point Objective are the two metrics that determine whether your disaster recovery plan actually works.
A practical guide to understanding and calculating your organization's recovery objectives.
49 CFR §382.401 requires carriers and C/TPAs to retain drug and alcohol testing records — but the specifics trip up even experienced compliance teams.
Five years in, the data security obligations around Clearinghouse records are still widely misunderstood — and the exposure is real.
A new OVW policy memo makes data breach response plans mandatory for all VAWA grantees — with no grace period.
VAWA's confidentiality mandate is one of the strictest in federal law — and most cloud storage platforms weren't designed for it.
Under VAWA, FVPSA, and OVW grant conditions, victim service providers have strict obligations around how survivor data is stored.
Link-based sharing is the default for most cloud platforms. It's also one of the most common sources of unintentional PHI exposure.
The security case against default link sharing and what zero-trust file access looks like in practice.
Recent federal hospice fraud prosecutions highlight compliance gaps that extend beyond billing — into documentation and data security.
Federal prosecutors charged eight individuals in a hospice fraud scheme. What the case reveals about compliance vulnerabilities.
A physician's arrest in a healthcare fraud scheme and the documentation failures that made prosecution possible.
A multi-defendant healthcare fraud case in Dallas — the charges, the sentences, and the compliance lessons.
A pharmacy fraud case involving eight defendants and millions in false claims — what it means for compliance programs.
A physician's prison sentence for healthcare fraud and the billing irregularities that triggered the investigation.
A healthcare executive's nine-year sentence and the corporate compliance failures that enabled the fraud.
A Fort Worth physician's decade-long prison sentence for healthcare fraud — the scheme, the evidence, and the outcome.
A laboratory fraud case and the documentation practices that allowed it to continue undetected.
A landmark healthcare lawsuit seeking over $1 billion in damages — the allegations and their implications.
A patient recruiter's conviction in a multi-million dollar kickback scheme and what it means for referral compliance.
A Texas cancer center's $4.3 million settlement and the billing practices that triggered federal scrutiny.
A Texas physician's conviction in a $3.25 million healthcare fraud scheme — the evidence and the verdict.
A Texas mayor's indictment alongside healthcare company owners in a fraud scheme — the charges and context.
A patient recruiter's nine-year sentence in a Texas healthcare fraud case — the scheme and its compliance implications.
A whistleblower award in a healthcare fraud case — what it means for compliance programs and reporting culture.
A guide to the OIG's compliance resource portal and how healthcare organizations can use it to strengthen their programs.