The Medcurity Podcast: HIPAA Compliance | Security | Technology | Healthcare

Hosted by Medcurity: HIPAA Compliance

Business

Website RSS feed

Episodes

154

Latest episode

Apr 2026

Language

About the show

Healthcare is complicated. Joe Gellatly and the Medcurity team are here to help, guiding us through the biggest issues and updates in healthcare security and compliance. From HIPAA Risk Assessments to the dark web, learn what factors are affecting the security of healthcare information and how to protect your data. Tune in for news, advice, and more. HIPAA laws continue to evolve. Go to hhs.gov for the latest information. Learn more at https://medcurity.com.

Listen to episodes

60 recent

April 24, 20267 min

The Lifecycle of a Corrective Action Plan | Medcurity Podcast 142

Finding a risk in your Security Risk Analysis is only half the job. The other half is fixing it, proving you fixed it, and closing the loop.This episode walks through the full lifecycle of a corrective action plan, from identifying the gap to building a remediation plan, assigning ownership, gathering proof, and formally closing it out. We also cover the common mistakes that stall progress or leave organizations exposed during audits, and three steps you can take right now to get your open findings moving in the right direction.Learn more about Medcurity here: https://medcurity.com#Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #CorrectiveActionPlan #AuditReady #HIPAACompliance #HealthcareIT

April 15, 202650 min

Webinar: Decoding Legislative Updates and Their Impact | Medcurity Podcast 141

Small changes in legislative language can create major consequences for healthcare organizations.In this webinar recording, healthcare attorney and former Idaho legislator Luke Malek joins Kyle Rooks of the Idaho Community Health Center Association to discuss how new bills can shift compliance expectations, alter legal obligations, and create unintended operational challenges for providers.The conversation looks at how wording changes can expand or narrow who is affected, how new bills interact with statutes already in place, and why the actual bill text matters more than outside interpretation when organizations are trying to understand what changed.Connect with Kyle Rooks: https://www.linkedin.com/in/kyle-rooks-6aa71269/ Connect with Luke Malek: https://www.linkedin.com/in/lukemalek/ Connect with Molly Miller: https://www.linkedin.com/in/molly-miller-spokane/ Learn more about Malek + Malek: https://www.malekattorneys.com Learn more about the Idaho Community Health Center Association: https://www.idahopca.org/home Learn more about Medcurity: https://medcurity.com #Healthcare #Compliance #HIPAA #HealthcarePolicy #HealthcareLaw #CommunityHealth #FQHC #HealthcareIT #SecurityRiskAnalysis #LegislativeUpdates

April 8, 20265 min

The MIPS Security Risk Analysis Update You Need to Know About | Medcurity Podcast 140

For years, the SRA measure under MIPS Promoting Interoperability was a single yes/no attestation. Did you conduct or review a Security Risk Analysis? Check. Done.Starting with the 2026 performance year, CMS added a second required attestation: did you conduct security risk management activities in accordance with the HIPAA Security Rule? A "no" on either attestation zeros out your entire PI score, which can significantly impact your MIPS performance and contribute to negative Medicare payment adjustments (up to 9% under MIPS overall).This episode breaks down what changed, why CMS is pushing beyond the checkbox, and what it means for practices that need to show they're not just completing an SRA but acting on the findings.Learn more about Medcurity here: https://medcurity.com#Healthcare #HIPAA #Cybersecurity #MIPS #SecurityRiskAnalysis #HealthcareIT #Compliance #HIPAACompliance #PromotingInteroperability #MedicareReimbursement

April 3, 202658 min

Agentic AI, Voice Cloning, and Smarter Security with Bidemi Ologunde | Medcurity Podcast 139

Bidemi "Bid" Ologunde is a cybercrime and threat-intelligence specialist who spends his days in the middle of the conversations most organizations aren't having yet. He returns to the Medcurity Podcast for a wide-ranging conversation with Joe Gellatly on what's changed in the world of artificial intelligence. Connect with Bid on LinkedIn: https://www.linkedin.com/in/bidemiologunde/The conversation covers agentic AI and why organizations are racing to deploy it without asking what data it can access, the growing divide between AI adoption and security readiness, and the emerging threats of voice cloning and deepfakes. Bid also gets into data sovereignty, why compliance frameworks trail the technology they're meant to govern, and how to build security habits that keep pace.Learn more about Medcurity: https://medcurity.com#Healthcare #Cybersecurity #Compliance #HIPAA #AgenticAI #AIinHealthcare #ThreatIntelligence #PrivacyByDesign #CyberThreats #HealthcareSecurity

April 1, 202642 min

Webinar: Current Threats and Audit-Ready Compliance with Jeff Zimbalist | Medcurity Podcast 138

Jeff Zimbalist, CEO and Founder of Applied Technology Solutions, has spent over 25 years in IT serving healthcare, education, and small business. In this webinar recording, he joins Medcurity to talk through what small practices are up against right now and where compliance gaps tend to show up when it counts.Connect with Jeff on LinkedIn: https://www.linkedin.com/in/jeff-zimbalist/The session covers current threat tactics targeting small practices, why free SRA checklists fall short when insurance claims or OCR penalties are on the line, and what preparation looks like when a real incident hits. It also includes a live demo of Medcurity's Small Practice SRA.Learn more about Applied Technology Solutions: https://appliedts.net Learn more about Medcurity: https://medcurity.com#Healthcare #Cybersecurity #HIPAA #HealthcareIT #Compliance #SecurityRiskAnalysis #HIPAACompliance #SmallPractice #CyberThreats #SRA

March 25, 202636 min

Operational Compliance for Small Healthcare Teams with Dr. Natasha Guess | Medcurity Podcast 137

Download Dr. Guess's free checklist, "The 5 HIPAA Operational Gaps That Lead to Breach Exposure": https://drive.google.com/file/d/1Ihgye3OhxdJGK9pFafEu-w4egYJJTKp0/view?usp=sharingMost compliance gaps don't start with a policy failure. They start with a workflow that drifted.Dr. Natasha Guess, founder of Guess Compliance Consulting, joins the podcast to discuss why small and mid-sized healthcare practices struggle to turn written policies into daily habits, and what a more practical approach looks like. The conversation gets into common misconceptions about what compliance requires, how fear-driven programs often backfire, and the operational patterns that tend to surface during breach investigations and enforcement actions.Whether you're building a compliance program from scratch or trying to strengthen what's already in place, this episode offers a clear starting point.Connect with Dr. Natasha Guess on LinkedIn: https://www.linkedin.com/in/dr-natasha-guess-dlp-msl-bs-chc-chpc-306a0963Learn more about Guess Compliance Consulting: https://guesscomplianceconsultingllc.comLearn more about Medcurity: https://medcurity.com#Healthcare #Cybersecurity #HIPAA #HealthcareIT #Compliance #SecurityRiskAnalysis #HIPAACompliance #OperationalCompliance #HealthcareSecurity

March 20, 20265 min

What Exactly is a HIPAA Security Risk Analysis? | Medcurity Podcast 136

The Security Risk Analysis is one of the most talked-about requirements in HIPAA, but it's also one of the most misunderstood.This episode breaks down what an SRA actually is, what it's meant to accomplish, and why regulators treat it as the foundation of every compliance program. If you've ever been unsure where to start or what "complete" really looks like, this is a good place to get grounded.If you’d like support completing or updating your Security Risk Analysis, our team is here to help: https://medcurity.com#Healthcare #HIPAA #Cybersecurity #HealthcareSecurity #HealthcareIT #Compliance #SecurityRiskAnalysis #HIPAACompliance #DataPrivacy #HealthIT

March 13, 20265 min

Administrative, Physical, & Technical Safeguards - Explained Simply | Medcurity Podcast 135

There isn’t a single checklist for compliance. There are three safeguard categories, and it’s not just a technology problem. HIPAA security involves people, processes, and the environment around your systems.This episode walks through what these categories mean and how they work together, the safeguards healthcare organizations are expected to have in place, and how to tell whether your organization is meeting those expectations.We also share three simple actions you can take right now to strengthen compliance.If you’d like support completing or updating your Security Risk Analysis, our team is here to help: https://medcurity.com#Healthcare #HIPAA #Cybersecurity #HealthcareSecurity #HealthcareIT #Compliance #SecurityRiskAnalysis #HIPAACompliance #DataPrivacy #HealthIT

March 7, 20266 min

What Really Happens Before, During, and After a Breach | Medcurity Podcast 134

Most breaches don’t unfold the way people expect.The conversation covers common misconceptions about how incidents begin, what typically happens in the early response, and how teams can approach the situation more clearly when something does go wrong.If you’d like support completing or updating your Security Risk Analysis, our team is here to help: https://medcurity.com#Healthcare #Cybersecurity #HIPAA #HealthcareIT #Compliance #SecurityRiskAnalysis #DataPrivacy #IncidentResponse

February 28, 20265 min

Inside Our Security Risk Analysis Walkthroughs | Medcurity Podcast 133

Physical safeguards don’t always get talked about as often as technical controls, but they show up consistently in our Security Risk Analysis walkthroughs.This episode looks at the physical side of HIPAA, how leadership perspective shapes day-to-day habits, and how small, intentional changes can reduce unnecessary exposure. It’s a reminder that what happens in the building matters just as much as what happens on the network.If you’d like support completing or updating your own Security Risk Analysis, our team is here to help: https://medcurity.com#Cybersecurity #HealthcareSecurity #HIPAA #HealthcareIT #DataPrivacy #Healthcare #Compliance #SecurityRiskAnalysis #HealthcareAI