Blog Archives - Drummond Group

Your HIPAA Program Probably Wasn’t Built for AI

Healthcare organizations are adopting AI faster than any previous technology shift in the industry. From diagnostic support tools and clinical documentation assistants to revenue cycle automation, AI is already embedded

“We’ve Never Had a Breach” Is Not a HIPAA Compliance Strategy

Some healthcare organizations operate with untested quiet confidence. Annual HIPAA training is completed. Policies are documented and signed. IT confirms systems are secure. Years pass without incident. The conclusion feels

Understanding ONC Surveillance After Certification

For many health IT developers, certification feels like the milestone, the point where the hard work pays off and the product is ready for market. In practice, that is where

The Compliance Cliff Every Telehealth Platform Encounters

Men’s health proved the model. Companies like Hims & Hers, Ro, and Keeps demonstrated that patients will choose frictionless digital access over in-person visits for conditions they would rather not

Choosing the Right SOC 2 Path for Your Organization

At a high level, the difference between a SOC 2 Type I and Type II comes down to design vs. performance. A Type I report is a point-in-time snapshot, showing

FHIR Interoperability Expectations Are Escalating

Future Market Insights (March 2026) valued the global HL7 FHIR compliance market at $2.3B, with projections reaching $8.6B by 2036 (12.7% CAGR). The analysis named Epic, Oracle Health, Microsoft, and

The Importance of Impartial Remediation Support

You completed a security assessment. The findings report was shared. Your assessor identified vulnerabilities, ranked them by severity, and has given you a prioritized list of what needs to be

Six Questions to Ask a Penetration Testing Vendor

Not long ago, most organizations outside of financial services and healthcare could treat penetration testing as optional. That has changed. The forces pushing organizations toward pen testing in 2026 are

Traditional QA Is Reaching Its Limits in FHIR Ecosystem Testing

The strategic case for continuous FHIR validation is well established, but the technical case for how to execute it is not. Health IT organizations understand that point-in-time certification was never

Search

Your HIPAA Program Probably Wasn’t Built for AI

“We’ve Never Had a Breach” Is Not a HIPAA Compliance Strategy

The Hidden Costs of Fast Compliance

The Hidden Costs of Ignoring Penetration Testing in Healthcare

Your HIPAA Program Probably Wasn’t Built for AI

Drummond Certifies 10 B2B Solutions in Second Quarter of 2026 for AS2 Interoperability

The Hidden Costs of Ignoring Penetration Testing in Healthcare

Your HIPAA Program Probably Wasn’t Built for AI

Drummond Certifies 10 B2B Solutions in Second Quarter of 2026 for AS2 Interoperability

Your Vulnerability Scans Are Leaving Gaps

Your HIPAA Program Probably Wasn’t Built for AI

Why Prior Auth API Certification Matters Now

Category: Blog

Your HIPAA Program Probably Wasn’t Built for AI

“We’ve Never Had a Breach” Is Not a HIPAA Compliance Strategy

Understanding ONC Surveillance After Certification

The Compliance Cliff Every Telehealth Platform Encounters

Choosing the Right SOC 2 Path for Your Organization

FHIR Interoperability Expectations Are Escalating

The Importance of Impartial Remediation Support

Six Questions to Ask a Penetration Testing Vendor

Traditional QA Is Reaching Its Limits in FHIR Ecosystem Testing

FREE EXPERT CONSULTATION

Drummond Group, LLC