HIPAA Is Not the Hard Part Anymore

April 28
48 mins

Episode Description

In this episode of Low Code/High Impact, we sit down with healthcare attorney Matt Fisher to discuss HIPAA privacy and security compliance in healthcare. Matt explains why HIPAA is "no longer the hard part" of healthcare regulation and why "HIPAA certified" vendors aren't recognized by HHS. He unpacks how FHIR interoperability and information blocking rules push patient data to third-party apps outside HIPAA's scope, and why shadow AI and employees pasting PHI into AI tools are creating hidden breaches. Matt also breaks down what Business Associate Agreements actually protect against and why class-action settlements, not OCR fines, have become the costliest consequence of a data breach.
