
New Sheriff in Town? Examining State Enforcement of AI Laws
States are rapidly adopting AI‑specific statutes that govern how payers, providers, and developers use artificial intelligence in healthcare. The laws assign enforcement authority to a variety of state agencies—from insurance departments to attorneys general—and impose fines ranging from $5,000 to $200,000 per violation, plus possible license suspension or criminal penalties. The Texas attorney general’s recent action against Pieces Technologies, although filed under a consumer‑protection act, illustrates how misrepresentations about AI accuracy can trigger enforcement and may invite additional penalties under the new AI statutes. Experts warn that the patchwork of state rules and a shifting federal landscape create a compliance minefield, making robust AI governance essential for health‑tech firms.

Fragmentation Overtakes Volume as the Top Sanctions Challenge
Three years after Russia’s invasion of Ukraine, sanctions activity has shifted from rapid expansion to heightened fragmentation. In 2025 regulators issued roughly 4,000 new designations across 265 updates, a decline from the 2022 peak but still substantial. Divergence is now...

How Compliance Teams Can Govern Continuous Monitoring
Compliance teams are moving from annual audits to continuous monitoring to catch control failures in real time, reducing the $4.44 million average breach cost projected for 2025. The article outlines how governance—defining scope, assigning owners, reviewing findings, and linking them to...

AI Governance as a Compliance Obligation: Integrating ISO/IEC 42001
Artificial intelligence now underpins hiring, credit scoring, customer service, and risk assessment, turning it from a technical tool into a compliance liability. Algorithmic decisions can unintentionally breach anti‑discrimination, consumer‑protection, or privacy laws, and AI models evolve with data, producing outcomes...

Navigating Data Privacy and Compliance Challenges in Digital Transformation
Digital transformation is accelerating adoption of cloud, automation, and AI, but it also amplifies data‑privacy and compliance risks. Organizations must juggle regulations such as GDPR, CCPA/CPRA, HIPAA, and emerging AI oversight rules across multiple jurisdictions. Strategies like privacy‑by‑design, comprehensive data...

Compliance Without Validation Is a False Sense of Security
Compliance teams can pass audits and keep perfect documentation yet remain vulnerable to third‑party breaches. The article argues that without real‑world validation, controls are merely theoretical and provide a false sense of security. It highlights that 68% of organizations experience...

An Expanding Problem: Fraud and Compliance Challenges in Bone Growth Stimulators
Bone‑growth stimulators, classified as Class III devices, sit at a volatile crossroads of reimbursement rules, medical necessity, and aggressive marketing. Recent enforcement actions reveal kickback schemes disguised as personal service agreements and template‑billing practices that generated over $1.1 million in fraudulent claims...

When Compliance Works and Nothing Happens
Natasha Pardasani argues that true compliance success is invisible, measured by decisions that stop problems before they surface. Organizations focus on incidents and investigations, overlooking the quiet interventions that prevent issues. She highlights that a mature governance framework relies on...

The Compliance Illusion: Why Passing an Audit Doesn’t Mean You’re Secure
PayPal’s Working Capital loan system exposed personal data for six months despite holding PCI‑DSS, SOC 2, and ISO 27001 certifications. The breach underscores that passing audits confirms controls at a point in time, not continuous security resilience. Author Dharmesh Acharya argues compliance...

Digital Financial Systems and Trafficking-Related Risk
The episode examines how the rise of digital financial systems and AI-driven transaction monitoring intersect with human trafficking, highlighting the ways illicit funds are concealed within high‑volume, low‑value digital payments. It discusses the vulnerabilities of automated identity verification, synthetic identities,...

Regulatory Silence Is an Interpretive Act
In this episode, Nathan Eckel explores how regulatory silence functions as an implicit form of interpretation, especially in healthcare compliance where guidance often lags behind operational change. He explains that organizations fill the void by creating provisional standards that become...

ICE at the Facility: How Healthcare Compliance Officers Should Respond
The episode explains how healthcare compliance officers should respond when ICE agents appear on site, emphasizing that unannounced enforcement can occur amid patient care and requires a deliberate, coordinated response. It highlights a leaked ICE memo suggesting agents may enter...

New Consumer Privacy Requirements Under the Indiana Consumer Data Protection Act Are Here
John Williams and Asha Cermak break down Indiana’s new Consumer Data Protection Act, which takes effect on Jan. 1, 2026, outlining the consumer rights to access, correct, delete, and port personal data, as well as opt out of selling, targeted ads, and AI...

The Hidden Compliance Cost of Poor Records Retention
In this episode, Graham Sibley, CEO of Collabware, explains how poor records‑retention practices create a hidden compliance cost estimated at $2.3 billion annually. He highlights the “just in case” mentality that leads to over‑retention, turning organizations into “target‑rich environments” that drive...

Employee “Betting” In Prediction Markets: New Risks for Insider Trading and Proprietary Information Disclosure
The episode explores the rapid rise of prediction markets such as Polymarket and Kalshi and the emerging compliance risks they pose when employees trade on material non‑public corporate information. It highlights high‑profile incidents—including a $32,000 bet on Venezuelan President Maduro’s...