Moving healthcare data to the cloud can be game-changing — but is it truly HIPAA compliant?

In this episode of the HIPAA Insider Show, host Adam Z. and HIPAA Vault CEO Gil Vidals dive deep into what healthcare organizations need to know about cloud compliance, the Shared Responsibility Model, and how to avoid the most common pitfalls when managing PHI in AWS, Azure, or Google Cloud.

You’ll learn:

• What your Business Associate Agreement (BAA) really covers

• Why “HIPAA Certified” cloud platforms don’t actually exist

• The single biggest reason for cloud data breaches

• How to secure ePHI while maintaining compliance

• How a HIPAA-compliant hosting provider can simplify your cloud strategy

If your organization is moving patient data to the cloud — or already there — this episode is essential listening.

Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode95

Become a podcast guest:
https://www.hipaavault.com/podcast-guest/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode95⁠

One missing laptop. Millions in penalties.

In this episode of the HIPAA Insider Show, Adam and Gil examine one of the most costly HIPAA violations in recent years — the $3.9 million fine issued to the Feinstein Institutes for Medical Research after a stolen, unencrypted laptop exposed sensitive patient data.

They break down:

• How a single stolen device triggered a massive HIPAA fine

• What security safeguards were missing

• How HIPAA compliance could have prevented this breach

• The critical role of HIPAA-compliant cloud hosting in protecting PHI

• What your organization can do to avoid similar fines and enforcement actions

If you’ve ever thought, “It won’t happen to us,” this episode will make you think twice — and show you how to protect your organization from becoming the next headline.

Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/?utm_source=spotify&utm_medium=podcast&utm_campaign=episode94

Become a podcast guest:

Can ChatGPT or Gemini be HIPAA compliant? We explore LLM as a Service vs. Self-Hosted and what it means for protecting PHI.

AI is rapidly transforming healthcare — but can tools like ChatGPT and Google Gemini be used in a HIPAA-compliant way? In this episode of the HIPAA Insider Show, Adam Z. dives into the critical differences between LLM as a Service vs. Self-Hosted models and what each means for compliance.

You’ll learn:

• Is ChatGPT HIPAA compliant for healthcare?

• Can Gemini meet HIPAA compliance requirements?

• Pros and cons of LLM as a Service vs. Self-Hosted

• What it takes to secure PHI with AI

• How a HIPAA-compliant MSSP like HIPAA Vault can support your AI strategy

  
  

Whether your organization is experimenting with AI or considering long-term adoption, this episode will help you make the right, compliant decision.

Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/

Become a podcast guest:
https://www.hipaavault.com/podcast-guest/

From free scans to pen tests — Adam Z. and Henri Alfonso explain the different types of vulnerability scans and how they impact your security.

Not all vulnerability scans are created equal. From free URL-based checks to full-scale penetration tests, knowing the difference is key to strengthening your security posture.

In this episode of the HIPAA Insider Show, Adam Z. and HIPAA Vault’s expert Henri Alfonso break down:

• The main types of vulnerability scans and what they reveal

• How application and system scans differ

• When to use vulnerability scanning tools vs. penetration testing

• Why choosing the right scan matters for HIPAA compliance and protecting patient data

If you’ve ever wondered whether your scans are leaving gaps, this episode will give you the clarity to make better security decisions.

Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/

Become a podcast guest:
https://www.hipaavault.com/podcast-guest/

Is your online scheduling tool HIPAA compliant? Adam explains how to protect PHI, avoid fines, and choose the right solution for secure patient scheduling.

In this episode of the HIPAA Insider Show, Adam dives into the growing need for HIPAA compliant online scheduling tools in healthcare. With more practices moving to digital appointment booking, protecting PHI and avoiding costly HIPAA violations has never been more important.

You’ll learn:

• Why standard online schedulers often fail HIPAA requirements

• How to protect sensitive patient data while streamlining appointments

• Practical tips to choose a HIPAA compliant scheduling solution

• How small and mid-sized practices can stay compliant without big IT budgets

  
  

Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/

Become a podcast guest:
https://www.hipaavault.com/podcast-guest/

In this episode of the HIPAA Insider Show, Adam unpacks how Google Cloud’s Assured Workloads can make HIPAA compliance easier for healthcare organizations, startups, and anyone handling sensitive patient data.

Whether you’re a healthcare IT leader or new to cloud compliance, this beginner-friendly guide will help you understand if Google Cloud Platform (GCP) is the right choice for your HIPAA needs.

Learn more about HIPAA Vault:
https://www.hipaavault.com/hipaa-hosting-solutions/

Be our next podcast guest:
https://www.hipaavault.com/podcast-guest/

This week on the HIPAA Insider Show, we pull back the curtain on HIPAA compliant hosting, diving into a direct comparison between HIPAA Vault's offerings and those from Liquid Web and Atlantic.net. Join us as we break down the critical features that make a hosting plan truly HIPAA compliant, discuss pricing structures, and highlight key differences in what each provider brings to the table. Whether you're a healthcare organization or a business associate, understanding the nuances of HIPAA hosting is crucial – and in this episode, we aim to simplify the decision-making process for you.

This week on the HIPAA Insider Show, we're diving deeper into cloud security for healthcare data. While encryption is foundational, true HIPAA compliance in the cloud goes far beyond the basics. Join us as we explore advanced cloud security features that are vital for protecting sensitive patient information, ensuring compliance, and providing peace of mind in an increasingly digital healthcare landscape. We'll uncover how sophisticated tools and strategies offered by cloud platforms can elevate your security posture, making robust protection accessible for all organizations.

This week on the HIPAA Insider Show, hosts Adam Z. and Gil Vidals delve into the critical topic of phishing and cybersecurity awareness. The episode focuses on practical strategies for examining links before clicking them to avoid falling victim to phishing attacks. Adam and Gil discuss key indicators of suspicious links, methods for verifying URLs, and best practices for staying secure in today's digital landscape. They also mention helpful tools such as URL decoders (e.g., Unshorten.It, GetLinkInfo.com) and website reputation checkers like Google Safe Browsing (https://transparencyreport.google.com/safe-browsing/search) and VirusTotal (https://www.virustotal.com/). This episode aims to empower healthcare professionals and business associates with the knowledge to protect sensitive patient data and maintain HIPAA compliance.

This week on the HIPAA Insider Show, we're helping healthcare providers navigate the world of e-commerce. As more clinics and practices sell online – from medical supplies to supplements – choosing the right platform is critical. We'll compare WooCommerce and Shopify, with a special focus on HIPAA compliance. It's important to note that Shopify does not allow its platform to be used for handling Protected Health Information (PHI) and does not offer a Business Associate Agreement (BAA).