The Medcurity Podcast: Security | Compliance | Tec

Have you ever wondered why documentation matters so much in HIPAA and cybersecurity? In this episode, we break down exactly what auditors expect to see, where most practices may go wrong, and how to create documentation that actually protects your organization. We keep this discussion straightforward—perfect if you don’t normally manage HIPAA or still find it a struggle. Walk away with a clear understanding of the importance of documentation and practical steps to get started on your compliance journey. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #AuditReady #HealthcareIT #HIPAACompliance #HealthcareSecurity #AuditPrep #PracticeManagement #HealthIT #RiskManagement #DataPrivacy 

A wide-ranging conversation from the NWRPCA/CHAMPS Annual Primary Care Conference, recorded live in Spokane. This session looks at how health centers are adopting AI today, what’s working on the ground, and where teams are running into challenges. The discussion covers ambient note-taking, revenue recovery tools, on-prem models, governance structures, vendor vetting, staff training, and the security concerns tied to rapid AI adoption. You’ll also hear practical examples from clinics already putting AI to work—along with the risks they’re watching for as these tools become part of daily operations. The session closes with a look at cybersecurity threats, patient communication, and what health center leaders can do now to prepare their teams for the next wave of AI in healthcare. Find out more about Medcurity here: https://medcurity.com #Compliance #Healthcare #PrimaryCare #CommunityHealth #FQHC #AIinHealthcare #HealthIT #Cybersecurity #DataSecurity #HIPAA #SecurityRiskAnalysis #NWRPCA #CHAMPS #Spokane

Take a quick look at why the annual Security Risk Analysis is still one of the most useful tools in healthcare. This episode walks through five practical reasons the SRA helps organizations stay organized, stay prepared, and keep their security work moving in the right direction. It also looks at how a solid SRA cuts out the uncertainty that usually surrounds compliance work. This episode touches on clearer expectations, smoother communication with leadership, and how a well-run SRA keeps teams aligned instead of scrambling at the end of the year. Find out more about how Medcurity handles SRAs here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #AuditReady #HealthcareIT 

There’s a big gap between organizations that walk confidently into an audit and those that scramble the moment OCR asks for documentation. This episode breaks down six practical steps that make the difference. You’ll hear about the quiet, everyday habits that keep HIPAA programs steady, defensible, and ready when it matters. Find out more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #AuditReady #CISO #HealthcareIT 

Mike Armistead joins the Medcurity Podcast to discuss the gap between security spending and meaningful outcomes. With decades building and leading cybersecurity companies, he offers a direct look at what actually improves security programs in practice. The conversation with Joe Gellatly covers where AI supports security work and where it falls short, how to keep prevention in focus as attackers move faster, and why clear communication with leadership matters as much as technical tools. Mike also lays out practical steps for healthcare teams, including setting AI guardrails, strengthening vendor oversight, and keeping everyday work aligned with compliance expectations. Connect with Mike on LinkedIn: https://www.linkedin.com/in/mike-armistead-1164715/  Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #AIinSecurity #CyberLeadership #HealthTech #SecurityStrategy #DataProtection #HealthcareIT #CISO 

The year-end rush is coming, and there's one compliance requirement that shouldn't wait until December. This episode breaks down a HIPAA expectation that trips up organizations of every size, what regulators actually mean when they say "current," and why starting now gives you room to do it right instead of scrambling at the last minute. If you've been putting this off or you're not sure where you stand, this one's for you. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #IncidentResponse

HIPAA isn’t a moving target—it’s a framework that still defines how patient data must be protected in 2025 and beyond. This episode features our full webinar, Your Actual HIPAA Requirements, presented by Jordan Scherich, Lead Business Analyst at Medcurity. She breaks down what regulators expect right now, how upcoming Security Rule updates will change encryption, MFA, and vendor oversight, and the practical steps every covered entity and business associate should take to stay compliant. We cover the biggest misconceptions, the real focus areas in OCR enforcement, and how to keep compliance continuous—not reactive. Whether you’re updating your Security Risk Analysis or building everyday compliance habits, this session will help you strengthen your program with clarity and confidence. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #RiskManagement #VendorRisk #OCR #Privacy #SecurityRule

Most incident response plans aren’t tested until it’s too late. This episode walks through what “ready” actually looks like in healthcare: knowing where PHI lives, keeping your Security Risk Analysis current, setting clear roles, and practicing real scenarios so teams don’t freeze when it matters. We cover fast detection, clean containment, and smart recovery, plus the pieces that often get missed. If your plan is on paper but not practiced, this will help you turn it into something usable. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #IncidentResponse

Your organization doesn’t operate alone—and neither does your risk. In this episode, we look at how vendors, business associates, and service providers can quietly impact your HIPAA compliance and security. From overlooked contracts to outdated risk reviews, even trusted partners can become weak links if they’re not managed well. Hear what good vendor oversight actually looks like, how to make it part of your Security Risk Analysis, and why accountability can’t be outsourced when it comes to protecting patient data. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #VendorRiskManagement

The Security Risk Analysis isn’t just another compliance task. It’s the foundation of your HIPAA program and the proof that you’re protecting patient data. In this episode, hear why now—not January—is the time to get it done. Recent OCR fines show that organizations of every size are still being penalized for missing or outdated SRAs. Waiting costs more in money, reputation, and trust. This episode breaks down what the SRA actually does, how it shapes your risk management plan, and why it’s the single most important compliance step to finish before the year ends. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis 

Enforcement is active, policy is tightening, and threats continue to evolve. This episode looks ahead to what 2026 will bring for healthcare compliance—how recent OCR settlements, proposed HIPAA Security Rule updates, and CMS’s 2026 payment rule all point to one clear expectation. Hear what strong compliance looks like going forward, from mapping ePHI and managing vendors to building steady routines that keep documentation current and defensible. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis 

Bruce Gray joins the Medcurity Podcast to share insights from more than 20 years leading the Northwest Regional Primary Care Association (NWRPCA).    He’s joined by Joe Gellatly, CEO of Medcurity, for a conversation on the unique challenges and strengths of rural healthcare and community health centers, the future of care delivery, and how a team-based approach is reshaping connections across the system. Bruce also reflects on what it takes to embrace change, using AI and smarter workflows to bring care back to a more personal, individualized level.   If you’re planning to attend the upcoming NWRPCA Spokane event, let us know. We’re hosting an afterparty and would love to connect!    Connect with Bruce on LinkedIn: https://www.linkedin.com/in/bruce-gray-a596bb9/   Learn more about Medcurity here: https://medcurity.com   #Healthcare #Cybersecurity #Compliance #HIPAA #Podcast #NWRPCA 

Madelaine Yue joins the Medcurity Podcast for a great discussion on AI and human collaboration, healthcare transformation, and strategic data optimization.  As a Transformation Architect, Madelaine partners with healthcare executives to navigate the complex healthcare landscape, turning their bold visions into life-saving impact. Through blending data, human behavior, and strategic planning, she empowers executives to secure their legacy, igniting engagement and fostering organizational change that lasts. Her approach enables organizations to conquer healthcare delivery challenges, thus ensuring patients receive efficient, cost-effective, and high-quality care. Connect with Madelaine Yue on LinkedIn: https://www.linkedin.com/in/madelaineyue/ Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #AIinHealthcare #AI #Podcast #HIT #Healthcare 

A ransomware incident. A settlement. And a clear message from OCR: when the basics are missing, enforcement follows. This episode zeroes in on the expectation that applies to everyone. Providers, health plans, and vendors alike are expected to keep a current Security Risk Analysis and act on what it finds. Hear what “current” looks like in real operations, how CMS policy signals point to ongoing risk management, and the simple habits that turn analysis into proof.  Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis 

The final months of the year move quickly, and compliance tasks often get left to the last minute.  In this episode, we walk through five steps that can keep your organization ahead. Each one builds a stronger foundation for compliance and reduces the chance of scrambling when the new year begins. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis 

CMS (Centers for Medicare & Medicaid Services) has released the Fiscal Year 2026 Final Rule for hospital and long-term care payments, and it brings important updates for quality reporting, interoperability, and compliance. Learn what’s changing, from the end of the low wage index hospital policy to adjustments in reporting programs, and new expectations under the Promoting Interoperability Program. We’ll also highlight why the Security Risk Analysis is taking on an even more central role. Whether you’re directly affected or just want to understand where policy is headed, this episode offers a clear look at the changes and how hospitals can prepare. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #Medicare #Medicaid #CMS 

In a recent case, a ransomware attack revealed long-standing gaps that led to a $250,000 settlement. OCR’s recent action shows how overlooked requirements, like a Security Risk Analysis and timely breach notifications, turn an attack into enforcement. In this episode, we walk through the case, what regulators found, and the practical steps every healthcare organization can take to avoid the same outcome. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #OCR #Ransomware

In this episode, Joe Gellatly and Daniel Schwartz discuss today’s most pressing security challenges—including zero trust, ransomware evolution, data loss prevention, and the risks tied to AI-powered “fast fashion” software. They share what teams can do now to stay secure without waiting for regulations to catch up. Connect with Daniel Schwartz on LinkedIn: https://www.linkedin.com/in/daniel-schwartz-cybersecurity/ Learn more about Medcurity: https://medcurity.com  #Healthcare #Cybersecurity #Compliance #HIPAA #ZeroTrust #Ransomware #DataLossPrevention #AIinHealthcare #MFA #PHISecurity

In this episode, Jennifer Oelenberger, President of EHR Concepts, joins us to share the MIPS 2025 framework in plain language—along with strategies to improve category scores, avoid common pitfalls, and make MIPS part of your everyday workflow. Learn more about Medcurity: https://medcurity.com Visit EHR Concepts: https://ehrconcepts.com #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #RiskManagement #MIPS

In this episode, we talk about Network Vulnerability Assessments (NVAs)—how they pinpoint weaknesses like open ports and unsafe accounts before attackers can exploit them, and why they’re key to shutting down easy entry points. We also walk through Medcurity’s new NVA Dashboard, now live in the platform. Instead of static PDFs, you get a real-time, interactive view of what needs attention, why it matters, and how to fix it. And with our Advanced NVA, you can go deeper with Attack Path Visualization, Active Directory Security Configuration Analysis, and a HIPAA Group Policy Assessment. Listen in to see how it works and how it can streamline your security efforts. Learn more about Medcurity and what we do here: https://medcurity.com  #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #NVA #RiskManagement