Major changes to HIPAA are coming — and they will impact every healthcare organization, regardless of size.
In this episode of the HIPAA Insider Show, Adam Z. and HIPAA Vault CEO Gil Vidals break down the proposed 2026 updates to the HIPAA Security Rule and why these changes represent a mandatory shift toward stronger technology controls across healthcare.
We cover the non-negotiable technical requirements expected to become standard, including:
Mandatory Multi-Factor Authentication (MFA)
Encryption at rest for ePHI
Annual penetration testing and security validation
Tighter enforcement and reduced tolerance for “best-effort” compliance
You’ll also learn:
The expected finalization timeline
How the compliance grace period is likely to work
When your systems must be ready to avoid enforcement risk
How smaller organizations can meet enterprise-level security demands with the right cloud strategy
If your organization handles ePHI, this episode provides a clear, technology-first roadmap to prepare for HIPAA compliance in 2026.
Learn more about HIPAA-compliant hosting and cloud security:
https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=rule_2026
In this episode of the HIPAA Insider Show, Adam Z. and HIPAA Vault CEO Gil Vidals revisit one of the most common — and most misunderstood — questions in healthcare IT: using WordPress in a HIPAA-regulated environment.
With upcoming 2026 HIPAA Security Rule updates making safeguards mandatory and enforcement stricter, we break down what has fundamentally changed and what core compliance principles still matter for healthcare organizations and business associates using WordPress.
You’ll learn:
What the 2026 HIPAA updates mean for WordPress websites
Why Multi-Factor Authentication (MFA) and encryption at rest are no longer optional
How mandatory security testing impacts healthcare websites
Common WordPress compliance mistakes that lead to breaches
Why your hosting provider is the foundation of HIPAA compliance
If your organization uses WordPress for patient intake forms, portals, or healthcare marketing, this episode will help you avoid costly compliance gaps and future enforcement risks.
Learn more about HIPAA-compliant hosting with HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=wordpress2026
Interested in being a guest on the HIPAA Insider Show?
https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=wordpress2026
As healthcare moves deeper into the cloud, one question keeps coming up: Which platform is truly the most HIPAA-ready for 2026? Google Cloud? AWS? Azure?
In this episode of the HIPAA Insider Show, Adam breaks down the strengths and weaknesses of the three cloud giants — specifically through the lens of HIPAA compliance and PHI security.
You’ll learn:
How GCP, AWS, and Azure differ in their security defaults
Which cloud is taking the lead in AI and healthcare innovation
Where organizations fail under the Shared Responsibility Model
The real-world considerations for small and mid-sized healthcare teams
Which platform may offer the safest, simplest path for HIPAA in 2026
If you're evaluating or planning a cloud move, this episode gives you the clarity and direction you need to choose securely and confidently.
Learn more about HIPAA Vault
https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode97
Become a podcast guest
https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode97
AI is transforming healthcare — but can tools like ChatGPT, Claude, and Gemini truly handle patient data safely?
In this week’s HIPAA Insider Show, Adam puts the biggest AI chatbots to the test with a live compliance experiment, asking them directly about their HIPAA readiness. The results? Eye-opening.
You’ll learn:
What AI chatbots say about their own HIPAA compliance
Why the Business Associate Agreement (BAA) is non-negotiable
The HIPAA AI Checklist every organization must follow after signing a BAA
How administrative safeguards make AI both secure and compliant
Why HIPAA-compliant AI platforms in 2025 are now within reach for all healthcare organizations
If you’re exploring AI for healthcare operations or patient interaction, this episode is a must-listen.
Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode96
Become a podcast guest:
https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode96
Moving healthcare data to the cloud can be game-changing — but is it truly HIPAA compliant?
In this episode of the HIPAA Insider Show, host Adam Z. and HIPAA Vault CEO Gil Vidals dive deep into what healthcare organizations need to know about cloud compliance, the Shared Responsibility Model, and how to avoid the most common pitfalls when managing PHI in AWS, Azure, or Google Cloud.
You’ll learn:
What your Business Associate Agreement (BAA) really covers
Why “HIPAA Certified” cloud platforms don’t actually exist
The single biggest reason for cloud data breaches
How to secure ePHI while maintaining compliance
How a HIPAA-compliant hosting provider can simplify your cloud strategy
If your organization is moving patient data to the cloud — or already there — this episode is essential listening.
Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode95
Become a podcast guest:
https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode95
One missing laptop. Millions in penalties.
In this episode of the HIPAA Insider Show, Adam and Gil examine one of the most costly HIPAA violations in recent years — the $3.9 million fine issued to the Feinstein Institutes for Medical Research after a stolen, unencrypted laptop exposed sensitive patient data.
They break down:
How a single stolen device triggered a massive HIPAA fine
What security safeguards were missing
How HIPAA compliance could have prevented this breach
The critical role of HIPAA-compliant cloud hosting in protecting PHI
What your organization can do to avoid similar fines and enforcement actions
If you’ve ever thought, “It won’t happen to us,” this episode will make you think twice — and show you how to protect your organization from becoming the next headline.
Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode94
Can ChatGPT or Gemini be HIPAA compliant? We explore LLM as a Service vs. Self-Hosted and what it means for protecting PHI.
AI is rapidly transforming healthcare — but can tools like ChatGPT and Google Gemini be used in a HIPAA-compliant way? In this episode of the HIPAA Insider Show, Adam Z. dives into the critical differences between LLM as a Service vs. Self-Hosted models and what each means for compliance.
You’ll learn:
Is ChatGPT HIPAA compliant for healthcare?
Can Gemini meet HIPAA compliance requirements?
Pros and cons of LLM as a Service vs. Self-Hosted
What it takes to secure PHI with AI
How a HIPAA-compliant MSSP like HIPAA Vault can support your AI strategy
Whether your organization is experimenting with AI or considering long-term adoption, this episode will help you make the right, compliant decision.
Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/
Become a podcast guest:
https://www.hipaavault.com/podcast-guest/
From free scans to pen tests — Adam Z. and Henri Alfonso explain the different types of vulnerability scans and how they impact your security.
Not all vulnerability scans are created equal. From free URL-based checks to full-scale penetration tests, knowing the difference is key to strengthening your security posture.
In this episode of the HIPAA Insider Show, Adam Z. and HIPAA Vault’s expert Henri Alfonso break down:
The main types of vulnerability scans and what they reveal
How application and system scans differ
When to use vulnerability scanning tools vs. penetration testing
Why choosing the right scan matters for HIPAA compliance and protecting patient data
If you’ve ever wondered whether your scans are leaving gaps, this episode will give you the clarity to make better security decisions.
Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/
Become a podcast guest:
https://www.hipaavault.com/podcast-guest/
Is your online scheduling tool HIPAA compliant? Adam explains how to protect PHI, avoid fines, and choose the right solution for secure patient scheduling.
In this episode of the HIPAA Insider Show, Adam dives into the growing need for HIPAA compliant online scheduling tools in healthcare. With more practices moving to digital appointment booking, protecting PHI and avoiding costly HIPAA violations has never been more important.
You’ll learn:
Why standard online schedulers often fail HIPAA requirements
How to protect sensitive patient data while streamlining appointments
Practical tips to choose a HIPAA compliant scheduling solution
How small and mid-sized practices can stay compliant without big IT budgets
Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/
Become a podcast guest:
https://www.hipaavault.com/podcast-guest/
In this episode of the HIPAA Insider Show, Adam unpacks how Google Cloud’s Assured Workloads can make HIPAA compliance easier for healthcare organizations, startups, and anyone handling sensitive patient data.
Whether you’re a healthcare IT leader or new to cloud compliance, this beginner-friendly guide will help you understand if Google Cloud Platform (GCP) is the right choice for your HIPAA needs.
Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/
Be our next podcast guest:
https://www.hipaavault.com/podcast-guest/
This week on the HIPAA Insider Show, we pull back the curtain on HIPAA compliant hosting, diving into a direct comparison between HIPAA Vault's offerings and those from Liquid Web and Atlantic.net. Join us as we break down the critical features that make a hosting plan truly HIPAA compliant, discuss pricing structures, and highlight key differences in what each provider brings to the table. Whether you're a healthcare organization or a business associate, understanding the nuances of HIPAA hosting is crucial – and in this episode, we aim to simplify the decision-making process for you.
This week on the HIPAA Insider Show, we're diving deeper into cloud security for healthcare data. While encryption is foundational, true HIPAA compliance in the cloud goes far beyond the basics. Join us as we explore advanced cloud security features that are vital for protecting sensitive patient information, ensuring compliance, and providing peace of mind in an increasingly digital healthcare landscape. We'll uncover how sophisticated tools and strategies offered by cloud platforms can elevate your security posture, making robust protection accessible for all organizations.
This week on the HIPAA Insider Show, hosts Adam Z. and Gil Vidals delve into the critical topic of phishing and cybersecurity awareness. The episode focuses on practical strategies for examining links before clicking them to avoid falling victim to phishing attacks. Adam and Gil discuss key indicators of suspicious links, methods for verifying URLs, and best practices for staying secure in today's digital landscape. They also mention helpful tools such as URL decoders (e.g., Unshorten.It, GetLinkInfo.com) and website reputation checkers like Google Safe Browsing (https://transparencyreport.google.com/safe-browsing/search) and VirusTotal (https://www.virustotal.com/). This episode aims to empower healthcare professionals and business associates with the knowledge to protect sensitive patient data and maintain HIPAA compliance.
This week on the HIPAA Insider Show, we're helping healthcare providers navigate the world of e-commerce. As more clinics and practices sell online – from medical supplies to supplements – choosing the right platform is critical. We'll compare WooCommerce and Shopify, with a special focus on HIPAA compliance. It's important to note that Shopify does not allow its platform to be used for handling Protected Health Information (PHI) and does not offer a Business Associate Agreement (BAA).
This week on the HIPAA Insider show features an interview with Fred Pira, CEO of ProNex Inc., about their healthcare technology solutions. ProNex offers PatientFlow® and The CORE Platform, designed to improve patient care and operational efficiency for chronic care and surgical practices. The CORE Platform focuses on Lifestyle Medicine, automating key pillars like nutrition and exercise, while PatientFlow® streamlines practice workflows and reduces costs. Both tools are HIPAA-compliant and aim to enhance patient engagement and provider efficiency.
More about Pronex https://www.pronexinc.com/
This week on the HIPAA Insider Show, we wrap up our 3-part WordPress plugin series by diving into medical functionality. From patient booking to form submissions, we spotlight the plugins that help transform a basic website into a HIPAA-aware, patient-friendly digital experience.
Themes
https://wpastra.com/website-templates/healthcare/
https://preview.themeforest.net/item/medicenter-responsive-medical-wordpress-theme/full_screen_preview/4718613
Booking Plugins
https://wpbookingcalendar.com/
Form Plugins
https://www.booking-wp-plugin.com/
https://wpforms.com/
https://wordpress.org/plugins/contact-form-7/
This week on the HIPAA Insider Show, it’s Part 2 of our essential plugin series—this time focused on performance. A fast, responsive site isn’t just good UX; it’s a critical piece of patient trust and SEO. We dive into caching, image optimization, and server-level tools to keep your healthcare website blazing fast and rock solid. Plugins reviewed include WP Rocket, Imagify & Perfmatters.
This week on the HIPAA Insider Show, we kick off a 3-part series on must-have WordPress plugins for healthcare websites. In Part 1, we tackle the most important piece of the puzzle—security. From two-factor authentication to audit logging, we cover the essentials you need to protect PHI, build trust, and stay HIPAA-aligned.
This week on the HIPAA Insider Show, Adam and Gil peel back the layers of managed cloud hosting — demystifying what’s included at different levels of service. From server-level management like OS patching and automated backups, to application-level hosting like Managed WordPress, we’ll explore how these models impact HIPAA compliance, performance, and peace of mind.
In this episode of the HIPAA Insider Show, we dive into how Google Lighthouse can diagnose and fix performance issues on your WordPress site. A sluggish site can hurt SEO, user experience, and even HIPAA compliance if it affects protected health information (PHI) portals.