Joe Gellatly

@joegellatly

HIPAA compliance and healthcare cybersecurity. Co-founder at Medcurity.

Joined April 2026

About

Co-founder at Medcurity, helping healthcare organizations achieve and maintain HIPAA compliance. Writing about healthcare cybersecurity, security risk analysis, and compliance automation.

Available for

Nothing here yet.

Joe Gellatly's blogs

Medcurity HIPAA Compliance Blogmedcurity.hashnode.dev15 posts

Articles Comments

Recently published

JGJoe Gellatlymedcurity.hashnode.devJun 12 · 8 min read

The 2026 HIPAA Risk Assessment Pattern for Healthcare APIs

Originally published at medcurity.com. Mirrored here for engineering teams shipping healthcare-adjacent software. If you ship any service that reads, writes, or transports electronic protected health

0

JGJoe Gellatlymedcurity.hashnode.devJun 1 · 6 min read

Building a BAA Inventory System That Holds Up Under a 2026 HIPAA Audit

If you maintain HIPAA-covered systems, your Business Associate Agreement (BAA) inventory is one of the most under-engineered parts of your compliance posture. Most organizations carry it in a spreadsh

0

JGJoe Gellatlymedcurity.hashnode.devMay 29 · 6 min read

Why horizontal GRC platforms miss the half of HIPAA that actually fails an audit

A 2026 engineering-perspective on the gap between "we passed SOC 2" and "we'd pass an OCR Risk Analysis Initiative inspection." The framing problem If you sell software into healthcare, you've probabl

0

JGJoe Gellatlymedcurity.hashnode.devMay 28 · 5 min read

A 2026 HIPAA Risk Assessment Pattern for Healthcare APIs

The problem You're shipping a healthcare API. Your data plane touches PHI. Your auditors — eventually — will ask: show us your most recent HIPAA risk assessment. The answer "we'll generate one later"

0

JGJoe Gellatlymedcurity.hashnode.devMay 20 · 4 min read

How We Picked Our HIPAA Security Risk Assessment Tool in 2026 (Engineering-First Notes)

If you're standing up the HIPAA SRA-tool stack for a healthcare org in 2026, what does the buying decision actually look like from the engineering side? A lot of the writing on this lives in marketing

0

Joe Gellatly

About

Available for

Joe Gellatly's blogs

Recently published

The 2026 HIPAA Risk Assessment Pattern for Healthcare APIs

Building a BAA Inventory System That Holds Up Under a 2026 HIPAA Audit

Why horizontal GRC platforms miss the half of HIPAA that actually fails an audit

A 2026 HIPAA Risk Assessment Pattern for Healthcare APIs

How We Picked Our HIPAA Security Risk Assessment Tool in 2026 (Engineering-First Notes)

Search Hashnode

Joe Gellatly

About

Available for

Joe Gellatly's blogs

Recently published

The 2026 HIPAA Risk Assessment Pattern for Healthcare APIs

Building a BAA Inventory System That Holds Up Under a 2026 HIPAA Audit

Why horizontal GRC platforms miss the half of HIPAA that actually fails an audit

A 2026 HIPAA Risk Assessment Pattern for Healthcare APIs

How We Picked Our HIPAA Security Risk Assessment Tool in 2026 (Engineering-First Notes)