VanRein Compliance Podcast

Send us Fan MailThe “trust center” trend is getting weird fast. If your security page is a glowing badge, a wall of green checks, or a portal that forces buyers into an access request black hole, we think you’re signaling the wrong thing and losing deals you should be winning.We break down why traditional GRC tooling often turns into compliance theater: lots of workflows and mapped controls, but very little proof when a customer asks for the last risk analysis, a HIPAA audit artifact, a SOC 2 report, an ISO 27001 result, or a penetration test. With HIPAA 2026 changes raising the bar, smarter SOC 2 and ISO buyers comparing vendors, and AI risk forcing real visibility into data flows and tool approvals, “we’re compliant” is no longer a convincing answer.We share a practical blueprint for building a real trust center backed by evidence. That means linking to the right reports (without dumping confidential data), publishing executive summaries for pen tests and vulnerability scans, showing MFA enforcement and encryption proof, and keeping dates, signatures, and update cadence visible so trust builds over time. We also talk about vendor oversight and risk visibility, including how to think about sharing risk in a way that shows maturity rather than perfection.If you want your compliance program to speed up sales instead of slowing it down, listen now, then subscribe, share this with your security or revenue team, and leave a review so more builders can move from checkboxes to real trust.Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailAI is already inside your business, and the uncomfortable truth is you might not even know where. Copilot in Microsoft, Gemini in Google, bots layered on top of bots, and “quick tests” in personal accounts all create real compliance risk the moment sensitive data enters the mix. At the same time, regulation is tightening fast, which means the gap between how teams use AI and what auditors expect is getting more dangerous by the week.We walk through what’s changing globally with the EU AI Act and its risk-based tiers, then bring it home to the US reality with HIPAA compliance and the coming pressure on the HIPAA Security Rule. We talk plainly about what enforcement-ready security looks like: multi-factor authentication everywhere ePHI touches, encryption in transit and at rest you can prove, audit logging that shows who did what, and risk assessments that aren’t just checklists. We also dig into vendor accountability, why Business Associate Agreements still matter, and how to validate a partner’s security posture through trust centers, real certifications, and subprocessor transparency.Then we get practical about AI governance. We share the guardrails we rely on: mapping data flows, keeping an AI tool inventory on your supplier register, setting an AI usage policy your team can actually follow, and using a human-in-the-middle approach to reduce hallucination and patient-safety liability in healthcare AI. If you’re trying to stay audit ready for HIPAA, SOC 2, ISO 27001, or HITRUST while still moving fast with AI, this gives you a clear path forward.Subscribe for more compliance and security guidance, share this with your leadership team, and leave a review if it helped. What AI tool is already embedded in your workplace stack?Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailAI is already inside your healthcare workflows, your vendors, your phones, and your inbox. The hard part is not getting access to the tools. The hard part is using AI without quietly leaking PHI and waking up to a HIPAA breach you never saw coming.We break down the question most teams ask the wrong way: “Is AI HIPAA compliant?” HIPAA wasn’t written for large language models, but the law still applies, and the responsibility still lands on you. We walk through how AI fits into the HIPAA Privacy Rule (who can access PHI), the HIPAA Security Rule (encryption, access controls, audit logs, and evidence), and the HIPAA Breach Notification Rule (what you must do when something goes wrong). We also talk about why “HIPAA-ready” marketing claims mean nothing without a signed Business Associate Agreement (BAA) and a real vendor risk conversation.Then we get practical: shadow AI, staff copying PHI into chat tools, data leakage through model training defaults, and the basic governance moves that prevent all of it. You’ll hear our recommended AI acceptable use policy structure, how to build an AI inventory and risk register, what an AI risk assessment should evaluate, and why penetration testing and vulnerability scanning matter even more as regulations tighten.If you want to move fast without losing control, subscribe, share this with a teammate who’s rolling out AI, and leave a review. What AI tool is your organization using today, and do you have a BAA for it?Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe launch new penetration testing and vulnerability scanning services and explain why passing audits still leaves hidden security risk. We lay out a practical testing cadence, how it maps to HIPAA, SOC 2, and ISO, and how proactive validation builds trust with clients before an attacker forces the lesson. • compliance versus security, why policies do not stop attacks • why 2026 attackers scan and exploit automatically • vulnerability scanning as continuous monitoring with risk scoring and remediation tracking • penetration testing as manual plus automated ethical hacking • recommended cadence, monthly scans and annual pen tests • when to retest, major changes and post-remediation validation • mapping testing evidence to HIPAA risk analysis, SOC 2 controls, ISO 27001 requirements • third-party reports for security questionnaires and deal credibility • one-stop delivery to cut coordination time and reduce scrambling If you go ahead and email us at hello at vanriancompliance.com, and you mention that, hey, Robin Don said I need a free t-shirt, we're gonna send you a free t-shirt. If you like and subscribe, and the more you do that, the better, the better the Van Ryan Compliance podcast can grow and reach more people Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailMost people say they want a legacy. Then they run their business like it only needs to survive the next quarter. Rob and Dawn come back from the NAEO conference in San Antonio with a clear question for every owner: are you building something that lasts, or something that just pays?We talk about what it looks like when a company actually makes it to 50 years, using Mtelco’s anniversary as a real-world case study. That opens up the bigger conversation around family business, multi-generational ownership, employee retention, and why “relationships over transactions” is not a slogan, it’s a strategy. We also get honest about the grind of small business life: work and life aren’t balanced, they’re woven together, and the only way it works is prioritisation, delegation, and building a team that believes in what you do.Then we bring it back to the risks that can end a legacy fast. Cybersecurity and compliance are no longer optional if you want to stay audit ready and keep customer trust. We break down why incident response plans, disaster recovery planning, vulnerability scanning, and penetration testing matter, plus how AI governance needs guardrails so new tools don’t create new exposure. We close with the often-avoided topic of succession planning: if something happens to you, who runs the business, who calls the attorney, and how does payroll continue?If you got value from this, subscribe, share the show, and leave a review. Are you building for decades or chasing the next deal?Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe break down the largest HIPAA Security Rule update in 15 years and explain what it demands from healthcare, SaaS, and telehealth teams. Clear requirements replace ambiguity with MFA everywhere, stronger encryption, real testing, faster recovery, and rapid partner notices.• why HIPAA must modernize for cloud, AI and telehealth• how ransomware pressure shapes stricter controls• asset and data inventory as the foundation• MFA as a universal, required control• encryption across endpoints, transit and rest• security testing with scans, pen tests and AV• network segmentation to stop lateral movement• incident response tested annually with 72‑hour restore• 24‑hour notification to partners• evidence‑based audits and stricter access management• vendor due diligence and AI governance• timeline to effective and compliance dates• three actions to start now: risk analysis, MFA rollout, vendor inventoryNeed help with a risk analysis? We can get a report together so you can see your risk and plan forwardThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe sit down with ISO auditor David Foreman to demystify ISO 27001, compare it with SOC 2, and unpack what auditors actually look for. We cover real breaches, the limits of compliance tools, the rise of 27701 and 42001, and how to win leadership buy-in.• what an ISO certification body does and how audits work• ISO 27001 governance plus controls vs SOC 2 opinions• readiness and internal audit roles vs external certification• why breaches accelerate third-party assurance demands• scoping strategy and avoiding retrofit pitfalls• platforms as helpers not replacements for ownership• getting executive buy-in with clear pain and outcomes• 27701’s privacy system and 42001’s AI management• sectors driving demand: cloud, finance, healthcare, education, law• partnership approach to deliver readiness and certificationFollow Mastermind on LinkedIn and email [email protected] You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe sit down with auditor and risk leader Bennie Cleveland to unpack how to make AI defensible in the real world. We cover governance, healthcare and privacy frameworks, modern attack patterns, and the playbooks that separate confident teams from lucky ones.• defining AI ownership, approvals, data scope, monitoring and explainability• building an AI inventory and supplier risk register• mapping to NIST CSF, HIPAA, GDPR, SEC expectations• deepfakes and social engineering expanding the attack surface• darknet monitoring and proactive exposure checks• running tabletops for ransomware, data loss and web compromise• human in the loop and prompt discipline for high-impact decisions• common audit gaps in IR, BCDR and communications• vendor AI due diligence and data transfer controls• buying fewer tools with clearer purpose and guardrailsThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe roll out two new services—tabletop exercises and AI and automation governance—and dig deep into why tabletop drills prove readiness, resilience, and audit defensibility. From foundational policy walk‑throughs to enterprise war rooms, we map maturity levels and show how to turn SOPs into real action.• what auditors expect from tabletop evidence • foundational awareness, roles and policy validation • ops drills that test detect, contain and recover • executive crisis decision‑making and communications • DR and BCP validation across cloud and on‑prem • RTO and RPO targets, failover and manual workarounds • audit defensibility, documentation and remediation plans • cross‑functional alignment across HR, legal, IT and dev • threat‑informed scenarios, red and blue team perspectives • after‑action reports with owners and timelines • annual cycles that raise difficulty and close gaps“if you got an email from me, there’s also a coupon. so we offer 15% off a tabletop. respond to my email or just reach out to us and we’ll schedule a time” “for the folks that aren’t clients, there’ll be more details down in the notes… or hello at vanright compliance.com” “like or subscribe, it gets us into more people’s feeds”Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe turn a deep freeze into a practical tabletop for households and businesses, building a clear plan for power, internet, people, and customers. From generators and Starlink to MFA bypass and recovery checks, we map decisions that turn chaos into continuity.• prioritizing power layers with generators and UPS• dual‑path internet and cellular failover testing• handling school closures and quiet zones at home• stocking food, water, heat, and plumbing protection• roles, thresholds, and decision points for DR• customer communication across email, web, and phone• physical security, vendor contacts, and property access• MFA backup codes and access overrides• integrity checks and lessons learned after recoveryLike and subscribe because the more you like and subscribe, the more folks get to listen to usWe can help you here at Van Ryan if you're a current customer or you're just listening and you're like, oh, I want to know more about them. We can help you create business continuity, disaster recovery, instant response plan. And we can also help you kind of formulate a framework for tabletop exercises. That is a line of service that we offer here at Van RyanThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe compare NIST AI RMF and ISO 42001, explain why AI audits matter, and share practical steps to build trust with customers, regulators, and insurers. We lay out a simple path: write policies, assess risk, and choose the right level of assurance.• everyday AI use cases and core risks• why audits reveal bias, privacy gaps, and weak training• EU AI Act context and US landscape• NIST AI RMF governance, map, measure, manage• ISO 42001 as a certifiable AI management system• policy and procedure essentials for safe AI use• vendor due diligence and trust centers• competitive advantage through frameworks and certification• stepwise path from policy to assessment to certificationEmail us at [email protected] or drop a question in the comments so we can help you choose the right path and get your AI program audit-readyThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe draw a hard line between frantic resets and a steady compliance rhythm that proves readiness when it counts. Clear ownership, small cadences, and current evidence cut drama, reduce risk, and build trust with auditors, partners, and customers.• defining readiness as proof not perfection• event-based scrambling versus behavior-based cadence• maturity signals auditors actually trust• named owners and deputies for continuity• weekly to annual review rhythms that stick• avoiding tool creep and demanding real evidence• aligning to HIPAA, SOC 2, ISO, HITRUST and privacy laws• structure and measurement over willpower and heroicsJoin Rob and Dawn for our “How To Do An AI Audit” webinar this weekLike and subscribe to help more people build a compliance rhythmThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWhat Our Clients Can Expect From VanRein Compliance in 2026Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe unveil our groundbreaking VRC1 platform designed to revolutionize how businesses approach compliance. This single, centralized solution brings together all aspects of compliance management, from evidence collection and documentation to real-time communication with auditors.• VRC1 creates one central place for all compliance activities, eliminating the need for multiple platforms and endless email chains• Real-time chat functionality enables immediate communication with the Van Ryn team, reducing delays in compliance processes• The mobile app puts compliance management in your pocket, allowing you to upload evidence and respond to queries from anywhere• Customizable workflows guide you through specific compliance frameworks including HIPAA, SOC 2, ISO, and HITRUST• Built-in meeting scheduling and video conferencing eliminates the need to switch between multiple applications• Remediation workflows transform assessment findings into actionable tasks with clear deadlines based on criticality• The platform automatically creates comprehensive audit trails, ensuring transparency and accountability• All communications are centralized and searchable, making evidence collection and incident investigation more efficient• VRC1 scales seamlessly as your compliance needs evolve, supporting multiple frameworks without starting from scratchLook for your email invitation to onboard to VRC1 this week. We're excited to hear your feedback as we continue to enhance the platform and make compliance management simpler and more efficient.Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe explore why vendor oversight is a critical yet often overlooked aspect of compliance programs, examining how third and fourth-party vendors present the greatest risk to your company's data security. Our conversation dives into strategies for building effective vendor management systems that go beyond superficial checkbox activities.• Third and fourth-party vendors create cascading risk levels for your business and customer data• Vendor oversight requires continual relationship maintenance, not just initial vetting• Security certificates like SOC 2 must be verified for currency and validity• Companies frequently fail in vendor management during staff transitions• Documentation is essential: maintain a supplier register with contracts, certifications, and contacts• Track artifact expiration dates for compliance certificates, insurance, and penetration tests• Proper offboarding procedures are crucial when ending vendor relationships• Homework: review your top five vendors, confirm their compliance posture, and document relationshipsTake these items back to your organization and dive into examining your vendor oversight program. Simple steps like documenting relationships, tracking certifications, and establishing clear escalation paths will significantly strengthen your compliance posture.Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThe episode emphasizes the importance of maintaining a compliance program as an ongoing effort rather than a one-time task. It covers the evolving nature of regulations, risks of neglecting compliance, implementation best practices, and the critical role of vendor management.• Compliance is an ongoing commitment, not a one-time task • Regular audits and updated policies are crucial for effectiveness • Employee training must be continuous to mitigate risks • Neglecting compliance can result in severe financial and reputational damage • Vendor management is essential to safeguarding sensitive data • Technology can aid compliance efforts, but human oversight remains key • Staying vigilant ensures preparedness for evolving legal requirementsThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailUnlock the secrets of ISO compliance with us as we sit down with David Forman, a seasoned ISO auditor and the co-founder of Mastermind Assurance. David pulls back the curtain on the unique role of ISO auditors and how their work stands apart from other assurance programs like SOC 2 and HITRUST. With his vast experience, David provides a clear breakdown of ISO standards, particularly focusing on governance requirements and control sections within management systems like ISO 27001. This episode is essential for anyone looking to understand the ISO certification process and its global impact.Explore how data breaches, from the early 2010s to the pandemic era, have fundamentally altered consumer awareness and corporate security practices. David and our hosts delve into major incidents like the Equifax breach, discussing their profound influence on security compliance. We dive deep into the intricacies of SOC 2 and ISO 27001 certifications, highlighting the paths from SOC 2 Type 1 to Type 2 and ISO's Stage 1 to Stage 2 certifications. If you’re curious about how companies can transition between these frameworks to enhance their security credentials, this segment is a must-listen.Navigating multiple compliance frameworks can be a challenging task, but David shares invaluable strategies for making this transition smoother, from HIPAA to ISO 27001 and beyond. The importance of a flexible governance program, stakeholder buy-in, and addressing pain points like GDPR and AI-related risks are all covered in detail. We also touch on emerging standards such as ISO 27701 for privacy management and ISO 42001 for AI management. Don't miss this treasure trove of insights and practical advice for anyone involved in the world of compliance.Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailUnlock the mysteries of SOC 2 compliance with  Kate Williams, our expert CPA and certified SOC 2 auditor from Maxwell Locke & Ritter. Kate turns what could be a tedious topic into an accessible and engaging affair. We cover the ins and outs of the SOC 2 framework, its inception, and why tech companies big and small need to sit up and take notice. Kate's unique blend of humor and deep industry knowledge illuminates the audit process and the strategic value of SOC 2 reports, leaving no stone unturned in this critical discussion.The tech landscape is evolving, and with it, the pressures faced by startups to achieve SOC 2 compliance. In a candid conversation with Kate, we dissect the nuances between SOC 1 and SOC 2 audits, and the difference between Type 1 and Type 2 reports. The insights offered go beyond mere compliance; they're about seizing opportunities and navigating the challenges of resource allocation for early-stage companies. This chapter reveals the true value of compliance investments and when it might be wise to challenge the status quo.We wrap up with a deep dive into the darker side of tech – data breaches, their repercussions, and the subtleties of off-boarding processes. By sharing stories of security slip-ups and the importance of structured documentation, Kate emphasizes the need for robust cybersecurity measures. She also clarifies the distinctions between SOC 2 and ISO certifications, ensuring our listeners are armed with the knowledge to protect their companies from becoming another cautionary tale. Tune in for a conversational, yet enlightening session that's anything but a dry lecture on compliance.Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailJen and James Schultz of Answer Midwest join us to share the rhythms of their 30-year marriage, both at home and at the helm of their family-business. Imagine intertwining the threads of romance and entrepreneurship, crafting a tapestry of mutual respect, defined roles, and shared visions. Our guests recount their transition from college sweethearts to business co-pilots, offering listeners a real-life roadmap to blending love with livelihood.We crack open the playbook on maintaining individuality while sharing a common goal, discussing how to preserve personal space amidst a shared professional landscape. Jen and James, along with my own experiences with my spouse Rob, provide insights into setting boundaries and respecting the professional-personal divide. We delve into the nuanced choreography of couple-run businesses, the importance of independence, and the delicate art of not letting shop talk overtake pillow talk.Rounding out our conversation, we celebrate the legacy of Answer Midwest, where family, support, and wisdom intertwine to foster growth and innovation. We applaud the Schultz's for mastering the 'Space and Grace' mantra within their enterprise, and we encourage you, our dear listeners, to draw inspiration from their journey. Join us for a heartening look at the power of partnership in business and life, and perhaps find the spark to ignite your own story of success and togetherness.Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailEver wondered how the pumpkin spice latte you love so much could possibly lead to a profound conversation about data privacy?  Your hosts Rob and Don, are here to make that transition smooth! In this episode, we'll be sharing tales from our lives, dabbling in band competitions, football games, and even our views on the overpowering pumpkin spice craze. But the real kicker comes when we shift gears to unbox the intricate world of privacy policies, cookie policies, and Data Processing Agreements (DPAs).Does the legal jargon in these policies make your head spin? Fear not! We simplify these essential terms, highlighting the crucial aspects every organization needs to consider - data usage, possible sales, and even advertising methods. We walk you through the maze of global and state privacy laws, helping you craft a policy that perfectly fits your needs. Learn why ignoring cookie banners could land you in hot waters legally, and why accepting all cookies should never be an option. Let’s unravel the complexities of data privacy together and make sure our personal information stays safe. Join us for this peculiar blend of fun and function - it's a ride you won't want to miss!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailEver thought about how to build an unshakeable trust with your vendors? Ready to harness AI without fearing the risk of breaching data security compliance laws? That's exactly what we'll be uncovering in this latest episode. We kick things off with a nostalgic trip down memory lane, reminiscing about the delightful Texan tradition of crafting homecoming mums. We also share our experiences from the HITRUST Collaborate Conference in Dallas and discuss the importance of community support in events like the big band competition.Nothing says trust like a reputable certification. In this chat, we unravel the intriguing aspects of High Trust certification, guiding you through the journey towards achieving it. Get familiar with the E1 audit, a cornerstone in building the fundamentals of HITRUST, and its application across businesses of different sizes. From control mapping to vendor risk management, our discussions navigate you through crucial conversations that could help mitigate risks vendors may pose to your business.AI is changing the world - but at what cost? We tackle the often murky waters of AI usage, discussing the evolving landscape of certifications like SOC2, ISO, GDPR, and HIPAA. As we examine the High Trust AI Assurance Program and SOC2 auditors, we explore how your organization can use AI responsibly and securely. From assessing the cost of ransomware attacks to considering the potential benefits of becoming self-insured, we leave no stone unturned. Before we sign off, we reflect on the importance of having AI policies and discuss potential consequences of not having one. So, tune in, engage, and don't forget to connect with us on LinkedIn!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailEver wondered what it's like to navigate the maze of HITRUST certification for healthcare data security? Well, you're in the right place! Join us, Dawn and Rob, as we unravel the complexities of HITRUST, HIPAA compliance, and the various levels of HITRUST certification. We'll walk you through the cost, the importance of customization, and the crucial steps required for an effective implementation. Documenting everything is key in this process, and we're here to tell you why!As we delve into the nitty-gritty of Control Mapping and Disaster Recovery plans associated with Hytrust implementation, we keep things light and seasonal. Embrace the spirit of fall as we celebrate the arrival of pumpkin spice season and the approach of Halloween. We share our experiences of Texas-style Halloween, complete with trailer-ride trick-or-treating and neon bracelets. It's a delightful mix of in-depth discussion and fun banter that you wouldn't want to miss! Keep listening because next week, Rob will be bringing back insights from the Hytrus Collaborate 2023 in Dallas. So, buckle up and enjoy the ride!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailReady to uncover the latest healthcare industry shake-up? Costco, the retail giant, has decided to leap into the healthcare industry with a telehealth service, and we'll be your guides through this significant transition. Riding on the wave already set by Amazon, Walmart, and Sam's Club, Costco's foray into the market promises affordable and easy-to-access virtual primary care visits, lab testing, and even virtual mental health services through Sesame, an online platform. The implications of such a move in the healthcare industry, particularly for those with high deductible plans and the uninsured, are vast and transformative.But here's another twist - ever wondered about the vital role of the Business Associate Agreement (BA) in the realm of telehealth? Strap in as we navigate through the complex world of BA, laying bare the need for meticulous security measures, frequent risk assessments, and diligent breach reporting. We'll illustrate its importance in training and educating both covered entities and business associates, and the criticality of trust when handling precious customer and patient data. Join us, as we analyze what the Costco-Sesame partnership means in the context of BA compliance and what it implies for the healthcare industry's future. It's a conversation you won't want to miss!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWe kick off this week's episode of the VanRein Compliance pod by diving into the thrilling world of marching band season and its captivating musical diversity. We even spill some tea on Taylor Swift's unexpected influence on the NFL and her worldwide reign. But, we're not all fun and games. We put on our serious hats to explore the intriguing trend of declining union membership in the U.S. over the past decade, and its impacts on industries nationwide. Be prepared to come away with a deeper understanding of the stark contrasts between unionized and non-unionized companies, particularly in terms of profit margins and employee compensation.That's not all! We also venture into the complex labyrinth of state privacy laws, with a special focus on Delaware's Personal Data Privacy Act, which is set to change the game in 2025. We've got your back, breaking down what it means for businesses dealing with Delaware residents. If you've been keeping tabs on the rising number of HIPAA violation reports, we provide guidance on the correct process to report a violation either to the government or a company's privacy officer. You'll gain clarity on identifying legitimate violations and the essential details to include when you file a complaint. We wrap up by emphasizing that facts are the unsung heroes of data security and compliance. Don't miss out on this riveting discussion. Tune in and get ready to expand your knowledge!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailEver wondered how to navigate the ever-evolving landscape of HIPAA audit requirements and cybersecurity threats? This episode takes you on a thrilling journey where the stakes are high, and the races are fast - both in the realm of F1 racing and the world of healthcare audits. As we rev our engines, we chat about the latest F1 races in Singapore and Italy, sharing our top picks for teams and drivers. We also dive into the nitty-gritty of the new HIPAA audit requirements, focusing on the shift towards more cybersecurity-based threats.Buckle up as we shift gears and delve into the heart of cybersecurity threats. Drawing from the HHS OCR's list, we discuss the top five threats businesses face today - from social engineering and ransomware to data loss. But fear not! We also lay down the roadmap to navigate these threats with their ten recommended mitigating practices. We illuminate the potential risks, the effective countermeasures, and the importance of being proactive rather than reactive when it comes to cybersecurity. As we cross the finish line, we explore the terrain of strong compliance practices and securing your environment. We highlight the value of encryption, identity and access management, data loss prevention, disaster recovery, and asset management. We also underscore the significance of antivirus and anti-malware software, robust passwords, and wifi security. And in the spirit of staying ahead of the curve, we evaluate the implications of new laws emerging from the recent election cycle. So, join us for this adrenaline-packed episode; let's navigate the racecourse of cybersecurity and HIPAA audits together.Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWho knew a deep dive into the world of HIPAA could be so much fun? Buckle up, because we're taking you on a lively journey into the intricacies of HIPAA violations, highlighted by the recently released audit guidelines from the OCR. But wait, there’s more. We're not just your average HIPAA aficionados - we're Rob and Dawn, hosts of the Van Rein Pod, back from a hiatus, and bringing you a whole new style of podcasting, complete with audience applause!In between the laughs, we're getting personal. From the trials and triumphs of our teenage son's high school marching band season to the stinky saga of our skunked dogs, we keep the banter flowing. Then, we switch gears without missing a beat to enlighten you about unauthorized access and its impact on the healthcare sector. It's a whirlwind of entertainment and education, and we promise, you won't want to miss a minute!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan Mail Welcome to the  VanRein Compliance Podcast where we dive into the latest and greatest in Data Compliance, Technology, and family-owned businesses.This week Rob and Dawn dive into ChatGPT and what it means for Data Compliance and your business.Dawn also dives into the Dog problems and why 2023 is the year of AI.Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWelcome to The VanRein Compliance Podcast: the Podcast that will secure your business with a clear plan to reduce your risk.This week our hosts Dawn and Rob Van Buskirk discuss how to create your Legal Life Plan with Amanda Batsche;In this week's episode, we unpack the following topics:What is a Legal Life Plan and why dyou need oneHow is a Legal Life Plan different from an Estate PlanHow to create your own Legal Life plan for yourself, your family, and your business You can learn more about Amanda watch a free introductory webinar to Legal Life Planning and how to get your own Legal Life Plan at her site  www.batschelaw.com . Connect with Amanda on Instagram  @batschelaw or FacebookThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWelcome to The VanRein Compliance Podcast: the Podcast that will secure your business with a clear plan to reduce your risk.This week we show you what the job duties of a Compliance Officer are and the one question you need to ask your business.We also discuss what the difference is between Privacy Officer, Compliance Officer, Security Officer, and even a Police Officer!And the ONE question you need to ask...Every week The VanRein Compliance Podcast will help you simplify compliance, secure your business, and reduce your risk all while having some fun.  Thanks for joining us!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThis Weeks Podcast is a Best Of the VRC Podcast and a special one for Dawn and Rob as they celebrate 22 years of marriage! Dawn talks about what works and what did not and Rob discusses the advice that his parents gave him when Dawn and Rob tied the knot.Plus, we dive into how to work together and be married!  Listen for the sweet nuggets of success you can use in your life.You can always learn more at VanRein Compliance.comSchedule a free Cyber Risk Review of your business Education for your team: HIPAA, HB300, GDPR, CCPA, FERPA, DiversityThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailHello and Welcome to the VanRein Compliance Podcast !This week Dawn and Rob tackle Cyber Insurance! They review what it is, the types of Cyber Insurance you need, and what your Insurance company is looking for.We also review why an insurance Broker is critical to your business to save you $$$.You can reach out to us at [email protected] with your insurance questions.Every week Dawn and Rob provide you with valuable information so you can protect your business and your customer's trust.Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThis week Dawn is Solo! Kinda like Hans Solo but Better! She dives into the new 2023 data privacy laws that will impact your business and the recent Texas Cold snap! Dawn will discuss the following laws and what you need to do to prepare your business.California Privacy Rights Act, effective January 1, 2023Virginia Consumer Data Protection Act, effective January 1, 2023Colorado Privacy Act, effective July 1, 2023Connecticut Data Privacy Act, effective July 1, 2023Utah Consumer Privacy Act, effective December 31, 2023Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThis week we have a special Guest on the VRC Podcast, Ramo Rendon the Director of Harbor Interfaith Services in  San Pedro, CA.  We discuss the services that Harbor provides the community and the need that he sees daily. We also discuss what inspired him to work for Harbor and serve his community.We also dive into the  Top 5 Ways to Help the HomelessBe a good listener. The next time you find yourself in a conversation with a homeless person, lend an ear and practice active listening. ...Give hope, not cash. ...Help them to the Mission. ...Get involved — donate or volunteer. ...Love Bigger.Taking time to serve others during this month of giving will make an impact on your community and you. Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailDawn and Rob dive into Bootstrapping your business vs. VC Debit and how you can not be a Slave to the Lender! In this week's episode we unpack the following topics:VCs promise a better tomorrow with cash todayBootstrapping BenefitsOther people’s money means rules:MeetingsMore meetingsReportsMore reportsMeetings and reportsReports and meetingsPresentations, reports, and meetings Area's you can save $$$How to negotiate a new contract that works for both parties As we discussed send an email to [email protected] to share your bootstrapping stories or ideas to keep costs low Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailDawn and Rob dive into Managed Compliance Services and how they will save you time and money! In this week's episode we unpack the following topics:What are Managed Compliance ServicesHow do Managed Compliance services save you  time and money SOC2 vs ISO27001, what's the difference, and what's right for your businessAs we discussed send an email to [email protected] with the title Rob said FREE! and a member of our staff will schedule your Risk Review and get you a free training license. Every week The VanRein Compliance Podcast will help you simplify compliance, secure your business, and reduce your risk all while having some fun.  Thanks for joining us!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThis week our hosts Dawn and Rob discuss why  education is at the heart of compliance and why it is critical to the success of your teamIn this week's episode we unpack the following  education topics:- HIPAA- HB300- PCI-GDPR-CCPA-FERPA-NY Shield Act-Bloodborne Pathogens-Medicare Fraud, Waste & Abuse -Cybersecurity -DiversityYou can learn more about our education by going To Our Website VanReinCompliance.comEvery week The VanRein Compliance Podcast will help you simplify compliance, secure your business, and reduce your risk all while having some fun.  Thanks for joining us!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThis episode breaks down the process that makes up the VanRein Compliance Framework.It is made up of the 3 keys for compliance success: 1. The risk assessment / audit2. Custom policies and procedures3. Education / TrainingListen as we go into detail about each component and why it is important for your business. At VanRein Compliance we partner with our clients to simplify compliance, reduce your risk and secure your business. You can access our library of on-demand courses hereThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailSpecial Episode Welcome to The VanRein Compliance Podcast. The Podcast that will secure your business with a clear plan to reduce your risk.Our hosts Dawn and Rob Van Buskirk are joined by Pam Stenzel.  She is the Senior Regional Clinic Coordinator for Community Pregnancy Clinics.  Pam oversees 5 clinics and 2 Mobile clinics in Southwest Florida, with the newest clinic opening in Gainesville, Florida across from the University of Florida campus.  Pam has been working in the Pregnancy Help community for over 30 years and has also traveled internationally supporting the pregnancy help community as well as promoting sexual integrity to students. While taking on her new role as Clinic Coordinator in Florida she became keenly aware of the necessity of HIPAA compliance. In this weeks episode we  unpack the following topics:Why Should Pregnancy Clinics need to be focused on data security and HIPAA complianceWhat security/compliance issues Pam sees as she travels to clinics around the nationHow the current climate, with the US Supreme court hearing the Mississippi case and the  Texas Heartbeat Law creating an urgent need for Pregnancy Clinics to evaluate their current compliance needs.What recommendations Pam has for clinics to get HIPAA compliant and protect their mission.And what recommendations Pam has on approaching your board about the importance of HIPAA compliance.  You can learn more about Pam at Enlightencom  BrightCourse.com and HopeSync.comEvery week The VanRein Compliance Podcast will help you simplify compliance, secure your business, and reduce your risk all while having some funThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThe VRC Podcast turns 1 this week!  A big Thank You to our great listeners for continuing to listen and share our podcast. We wouldn't be here without you! After the party and cake Dawn and Rob dive into GDPR Compliance and why you need to take notice. You can always learn more at VanRein Compliance.comSchedule a free Cyber Risk Review of your businessEducation for your team: HIPAA, HB300, GDPR, CCPA, FERPA, DiversityThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailIn this Weeks Podcast, Dawn and Rob discuss Current events including the passing of HM Queen Elizabeth II, September 11th, and Friday Night Lights! We also dive into PCI Compliance, what it is and how you can meet the industry standard. You can always learn more at VanRein Compliance.comSchedule a free Cyber Risk Review of your businessEducation for your team: HIPAA, HB300, GDPR, CCPA, FERPA, DiversityThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailIn this Weeks Podcast, Dawn and Rob discuss the Texas HB300 Regulation and how you can be compliant.  Rob will dive into how your PII is sold to Auto Manufacturers and  Dawn will talk about the Bull at the High School! Say what??You can always learn more at VanRein Compliance.comSchedule a free Cyber Risk Review of your businessEducation for your team: HIPAA, HB300, GDPR, CCPA, FERPA, DiversityThank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailHIPAA, not HIPPA, Compliance training needs to educate your team not bore them to death! This week Dawn and Rob dive into HIPAA Compliance Training and why it is critical to your business. They discuss,What it isTraining Pain PointsWho needs  HIPAA Compliance Training Who is responsible for ensuring that training is completeWhy amazing training is importantWhyTraining logs are key!Building the Human FirewallYou can schedule a time for a free risk review at VanRein Compliance.Com and watch a preview of our courses at VanReinCompliance.com/courses Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThis Weeks Podcast is a special one for Dawn and Rob as they celebrate 22 years of marriage! Dawn talks about what works and what did not and Rob discusses the advice that his parents gave him when Dawn and Rob tied the knot.Plus, we dive into how to work together and be married!  Listen for the sweet nuggets of success you can use in your life.You can always learn more at VanRein Compliance.comSchedule a free Cyber Risk Review of your business Education for your team: HIPAA, HB300, GDPR, CCPA, FERPA, Diversity Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailThis is a fun-filled episode with Dawn and Rob as they dive into Morning Rituals, Rob has found Pilates, Our Interview Framework that works and Dawn gives away FREE coffee!!To get your free VanRein Special Blend Coffee just send an email to [email protected] with the subject PODCAST COFFEE  and your mailing address and a member of our team will send you your free Coffee Merch! You can learn about the VanRein Framework at VanReinCompliance Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailEver wonder why software Platforms do not solve your compliance problems? This week our host  Rob Van Buskirk discusses why Platforms do NOT solve your compliance problems and how the VanRein Compliance Framework does. In this week's episode we unpack the following topics:What automated platforms are missing when it comes to ISO and SOC complianceWhy platforms alone will NOT help you achieve your compliance goalsHow the VanRein Compliance Framework solves your problems As we discussed send an email to [email protected] with the title Rob said FREE! and a member of our staff will schedule your Risk Review and get you a free training license. Every week The VanRein Compliance Podcast will help you simplify compliance, secure your business, and reduce your risk all while having some fun.  Thanks for joining us!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook

Send us Fan MailWelcome to The VanRein Compliance Podcast: the Podcast that, Simplifies ComplianceSecures Your BusinessReduces Your RiskThis week our hosts Dawn and Rob Van Buskirk Talk about DRUM COPS and the new Data Privacy Laws that will impact your business The Weekend we attended the DCI Southwestern Championships at the Alamodome the fun we had and a Fun Fact about Rob ! Then we dive into the data Privacy Laws Coming in 2023 that will impact your business. We unpack each of the following:CPRA, which amends and expands CCPAVirginia Consumer Data Protection Act (CDPA) Colorado Privacy Act (CPA)  Connecticut Data Privacy Act (CTDPA)Utah Consumer Privacy Act (UCPA) Then we give you tips on what you can do to prepare your business! As always you can reach out to the VanRein Team to schedule a Discovery Call with one of our compliance guides. Every week The VanRein Compliance Podcast will help you simplify compliance, secure your business, and reduce your risk all while having some fun.  Thanks for joining us!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on XFollow us on Facebook