HIPAA

May 1, 2026

•

2 min read

Public subnets, NAT gateways, and "we restrict by security group" don't survive a HIPAA review. Here's the pattern that does.

Manan Qayas

HIPAA

Apr 24, 2026

•

2 min read

Generic cost optimization advice misses the patterns that show up in HIPAA-shaped workloads. Here are three I find on every audit.

Manan Qayas

HIPAA

Apr 12, 2026

•

2 min read

S3 access logging is off, or it's logging to the same bucket. Both are fails. Here's what auditors actually want.

Manan Qayas