
Top 6 BAA Red Flags Every Independent Practice Misses
“The same threat actors we built defenses against in government were pivoting to small practices. And nobody had built the wall yet.”
Federal infrastructure background. Designed the platform’s zero-trust architecture, AES-256-GCM session vault, fail2ban intrusion response, SMS 2FA, Altcha challenge layer, and browser-fingerprinting defense — the security stack that protects patient data across every platform module.
Authored guides
3 guides on Patient Protect.

The six clauses in a Business Associate Agreement that determine whether the contract actually protects the practice or just satisfies the HIPAA box-check. What to read for before signing.

The eight encryption standards that satisfy HIPAA's technical safeguards and trigger the breach notification safe harbor. What each protects, where each applies, and what most practices get wrong.

The seven recurring failures that turn a risk analysis into the most-cited finding in OCR enforcement. What each gap looks like, and the corrective standard for each.