Episodes

  • AI + HIPAA: What Actually Matters (And What Doesn’t)
    Apr 15 2026

    AI is already inside your healthcare workflows, your vendors, your phones, and your inbox. The hard part is not getting access to the tools. The hard part is using AI without quietly leaking PHI and waking up to a HIPAA breach you never saw coming.

    We break down the question most teams ask the wrong way: “Is AI HIPAA compliant?” HIPAA wasn’t written for large language models, but the law still applies, and the responsibility still lands on you. We walk through how AI fits into the HIPAA Privacy Rule (who can access PHI), the HIPAA Security Rule (encryption, access controls, audit logs, and evidence), and the HIPAA Breach Notification Rule (what you must do when something goes wrong). We also talk about why “HIPAA-ready” marketing claims mean nothing without a signed Business Associate Agreement (BAA) and a real vendor risk conversation.

    Then we get practical: shadow AI, staff copying PHI into chat tools, data leakage through model training defaults, and the basic governance moves that prevent all of it. You’ll hear our recommended AI acceptable use policy structure, how to build an AI inventory and risk register, what an AI risk assessment should evaluate, and why penetration testing and vulnerability scanning matter even more as regulations tighten.

    If you want to move fast without losing control, subscribe, share this with a teammate who’s rolling out AI, and leave a review. What AI tool is your organization using today, and do you have a BAA for it?

    Thank You for Listening to the VRC Podcast!
    Visit us at VanRein Compliance
    You can Book a 15min Call with a Guide
    Follow us on LinkedIn
    Follow us on X
    Follow us on Facebook

    16 m
  • Compliance Isn’t Enough Anymore—So We Built This
    Apr 8 2026

    We launch new penetration testing and vulnerability scanning services and explain why passing audits still leaves hidden security risk. We lay out a practical testing cadence, how it maps to HIPAA, SOC 2, and ISO, and how proactive validation builds trust with clients before an attacker forces the lesson.
    • compliance versus security, why policies do not stop attacks
    • why 2026 attackers scan and exploit automatically
    • vulnerability scanning as continuous monitoring with risk scoring and remediation tracking
    • penetration testing as manual plus automated ethical hacking
    • recommended cadence, monthly scans and annual pen tests
    • when to retest, major changes and post-remediation validation
    • mapping testing evidence to HIPAA risk analysis, SOC 2 controls, ISO 27001 requirements
    • third-party reports for security questionnaires and deal credibility
    • one-stop delivery to cut coordination time and reduce scrambling
    If you go ahead and email us at hello at vanriancompliance.com, and you mention that, hey, Rob and Dawn said I need a free t-shirt, we're gonna send you a free t-shirt. If you like and subscribe, and the more you do that, the better the VanRein Compliance podcast can grow and reach more people.

    17 m
  • How Family Businesses Build Legacy And Trust
    Apr 1 2026

    Most people say they want a legacy. Then they run their business like it only needs to survive the next quarter. Rob and Dawn come back from the NAEO conference in San Antonio with a clear question for every owner: are you building something that lasts, or something that just pays?

    We talk about what it looks like when a company actually makes it to 50 years, using Mtelco’s anniversary as a real-world case study. That opens up the bigger conversation around family business, multi-generational ownership, employee retention, and why “relationships over transactions” is not a slogan, it’s a strategy. We also get honest about the grind of small business life: work and life aren’t balanced, they’re woven together, and the only way it works is prioritisation, delegation, and building a team that believes in what you do.

    Then we bring it back to the risks that can end a legacy fast. Cybersecurity and compliance are no longer optional if you want to stay audit ready and keep customer trust. We break down why incident response plans, disaster recovery planning, vulnerability scanning, and penetration testing matter, plus how AI governance needs guardrails so new tools don’t create new exposure. We close with the often-avoided topic of succession planning: if something happens to you, who runs the business, who calls the attorney, and how does payroll continue?

    If you got value from this, subscribe, share the show, and leave a review. Are you building for decades or chasing the next deal?

    32 m
  • May 2026 HIPAA Changes: What Every Organization Must Do Now
    Mar 11 2026

    We break down the largest HIPAA Security Rule update in 15 years and explain what it demands from healthcare, SaaS, and telehealth teams. Clear requirements replace ambiguity with MFA everywhere, stronger encryption, real testing, faster recovery, and rapid partner notices.

    • why HIPAA must modernize for cloud, AI and telehealth
    • how ransomware pressure shapes stricter controls
    • asset and data inventory as the foundation
    • MFA as a universal, required control
    • encryption across endpoints, transit and rest
    • security testing with scans, pen tests and AV
    • network segmentation to stop lateral movement
    • incident response tested annually with 72‑hour restore
    • 24‑hour notification to partners
    • evidence‑based audits and stricter access management
    • vendor due diligence and AI governance
    • timeline to effective and compliance dates
    • three actions to start now: risk analysis, MFA rollout, vendor inventory

    Need help with a risk analysis? We can put a report together so you can see your risk and plan forward.

    18 m
  • Unlocking ISO Compliance with David Forman Founder of Mastermind Assurance
    Mar 4 2026

    We sit down with ISO auditor David Forman to demystify ISO 27001, compare it with SOC 2, and unpack what auditors actually look for. We cover real breaches, the limits of compliance tools, the rise of 27701 and 42001, and how to win leadership buy-in.

    • what an ISO certification body does and how audits work
    • ISO 27001 governance plus controls vs SOC 2 opinions
    • readiness and internal audit roles vs external certification
    • why breaches accelerate third-party assurance demands
    • scoping strategy and avoiding retrofit pitfalls
    • platforms as helpers not replacements for ownership
    • getting executive buy-in with clear pain and outcomes
    • 27701’s privacy system and 42001’s AI management
    • sectors driving demand: cloud, finance, healthcare, education, law
    • partnership approach to deliver readiness and certification

    Follow Mastermind on LinkedIn and email hello@mastermindassurance.com.

    45 m
  • From Human Oversight To ISO 42001 And NIST: Building A Safer AI Program
    Feb 25 2026

    24 m
  • The AI Governance Playbook with Bennie Cleveland
    Feb 18 2026

    We sit down with auditor and risk leader Bennie Cleveland to unpack how to make AI defensible in the real world. We cover governance, healthcare and privacy frameworks, modern attack patterns, and the playbooks that separate confident teams from lucky ones.

    • defining AI ownership, approvals, data scope, monitoring and explainability
    • building an AI inventory and supplier risk register
    • mapping to NIST CSF, HIPAA, GDPR, SEC expectations
    • deepfakes and social engineering expanding the attack surface
    • darknet monitoring and proactive exposure checks
    • running tabletops for ransomware, data loss and web compromise
    • human in the loop and prompt discipline for high-impact decisions
    • common audit gaps in IR, BCDR and communications
    • vendor AI due diligence and data transfer controls
    • buying fewer tools with clearer purpose and guardrails

    33 m
  • AI: Beyond Policies and Governance with Dr. Camille Howard
    Feb 11 2026

    39 m