VanRein Compliance Podcast

By: Rob & Dawn Van Buskirk

Learn how you can secure the future of your business with a clear plan to reduce your risk. We discuss all compliance and data security matters of SOC2, ISO27001, HIPAA, GDPR, CPRA, NYShield, Texas HB300, ISO27001, HiTRUST and include life stories as well. It's NOT just a boring BizCast. We also talk about our Family Business and how you can start your own Family Business that will reshape your future.

© 2026 VanRein Compliance Podcast
Episodes
  • AI + HIPAA: What Actually Matters (And What Doesn’t)
    Apr 15 2026

    AI is already inside your healthcare workflows, your vendors, your phones, and your inbox. The hard part is not getting access to the tools. The hard part is using AI without quietly leaking PHI and waking up to a HIPAA breach you never saw coming.

    We break down the question most teams ask the wrong way: “Is AI HIPAA compliant?” HIPAA wasn’t written for large language models, but the law still applies, and the responsibility still lands on you. We walk through how AI fits into the HIPAA Privacy Rule (who can access PHI), the HIPAA Security Rule (encryption, access controls, audit logs, and evidence), and the HIPAA Breach Notification Rule (what you must do when something goes wrong). We also talk about why “HIPAA-ready” marketing claims mean nothing without a signed Business Associate Agreement (BAA) and a real vendor risk conversation.

    Then we get practical: shadow AI, staff copying PHI into chat tools, data leakage through model training defaults, and the basic governance moves that prevent all of it. You’ll hear our recommended AI acceptable use policy structure, how to build an AI inventory and risk register, what an AI risk assessment should evaluate, and why penetration testing and vulnerability scanning matter even more as regulations tighten.

    If you want to move fast without losing control, subscribe, share this with a teammate who’s rolling out AI, and leave a review. What AI tool is your organization using today, and do you have a BAA for it?

    Thank You for Listening to the VRC Podcast!
    Visit us at VanRein Compliance
    You can Book a 15min Call with a Guide
    Follow us on LinkedIn
    Follow us on X
    Follow us on Facebook


    16 m
  • Compliance Isn’t Enough Anymore—So We Built This
    Apr 8 2026

    We launch new penetration testing and vulnerability scanning services and explain why passing audits still leaves hidden security risk. We lay out a practical testing cadence, how it maps to HIPAA, SOC 2, and ISO, and how proactive validation builds trust with clients before an attacker forces the lesson.
    • compliance versus security, why policies do not stop attacks
    • why 2026 attackers scan and exploit automatically
    • vulnerability scanning as continuous monitoring with risk scoring and remediation tracking
    • penetration testing as manual plus automated ethical hacking
    • recommended cadence, monthly scans and annual pen tests
    • when to retest, major changes and post-remediation validation
    • mapping testing evidence to HIPAA risk analysis, SOC 2 controls, ISO 27001 requirements
    • third-party reports for security questionnaires and deal credibility
    • one-stop delivery to cut coordination time and reduce scrambling
    If you go ahead and email us at hello at vanriancompliance.com, and you mention that, hey, Rob and Dawn said I need a free t-shirt, we're gonna send you a free t-shirt. If you like and subscribe, and the more you do that, the better, the better the VanRein Compliance podcast can grow and reach more people


    17 m
  • How Family Businesses Build Legacy And Trust
    Apr 1 2026

    Most people say they want a legacy. Then they run their business like it only needs to survive the next quarter. Rob and Dawn come back from the NAEO conference in San Antonio with a clear question for every owner: are you building something that lasts, or something that just pays?

    We talk about what it looks like when a company actually makes it to 50 years, using Mtelco’s anniversary as a real-world case study. That opens up the bigger conversation around family business, multi-generational ownership, employee retention, and why “relationships over transactions” is not a slogan, it’s a strategy. We also get honest about the grind of small business life: work and life aren’t balanced, they’re woven together, and the only way it works is prioritisation, delegation, and building a team that believes in what you do.

    Then we bring it back to the risks that can end a legacy fast. Cybersecurity and compliance are no longer optional if you want to stay audit ready and keep customer trust. We break down why incident response plans, disaster recovery planning, vulnerability scanning, and penetration testing matter, plus how AI governance needs guardrails so new tools don’t create new exposure. We close with the often-avoided topic of succession planning: if something happens to you, who runs the business, who calls the attorney, and how does payroll continue?

    If you got value from this, subscribe, share the show, and leave a review. Are you building for decades or chasing the next deal?

    32 m