@joegellatly

Logging API calls in telehealth platforms: a 2026 HIPAA-compliant pattern

5d ago · 5 min read · The 2026 HIPAA Security Rule amendments tightened what an audit log has to look like. For telehealth platforms — where a single patient session can fan out to a half-dozen API calls touching PHI — get

The OCR Enforcement Playbook for FQHCs in 2026 (What Developers Actually Need to Know)

Apr 29 · 2 min read · Why this post exists Most HIPAA enforcement coverage is written for compliance officers. This one's for developers and security engineers at community health centers and federally qualified health cen

BAA Annual Verification: The 2026 HIPAA Update's Most Underrated Workflow

Apr 25 · 6 min read · If you're doing your first post-2026 HIPAA Security Risk Analysis right now and you're focused on the headline items — MFA mandates, encryption-at-rest, asset inventory — you're probably going to miss

HIPAA Security Risk Analysis at 90 Days: What the 2026 Rule Actually Changed in Practice

Apr 25 · 6 min read · It has been 90 days since the 2026 HIPAA Security Rule update took effect. Long enough for the initial "wait, does this apply to us?" panic to settle, short enough that most healthcare orgs haven't fi

Building HIPAA-Compliant Systems for Multi-Site Community Health Centers

Apr 21 · 9 min read · Community Health Centers (CHCs) are the backbone of primary care access across the United States, serving medically underserved populations through diverse clinic locations. But if you’re the IT direc