Notes from sixteen years of clinical safety, defect prevention, and healthcare data engineering. ONC, CMS, HIPAA, MHMDA, FHIR. What the enforcement record actually shows, what the engineering bar actually is, and why patient data ownership is not optional.
Five years at Opala implementing FHIR endpoints across all four servers that matter. Strengths, gotchas, and what an actual practitioner notices after the vendor demo is over.
Read more →January 2026 metrics reporting has already started. Most readiness checklists are vendor brochures. Here is what your engineering team should actually have on disk, with the public regulator citations.
Read more →A surveillance finding lands on a Friday. Always a Friday. The financial penalty is rarely the worst part. The cost no one prices is what happens to the team.
Read more →Healthcare data compliance vendors love to sell with stats and rarely cite the source. ONC, HHS OCR, and CMS already maintain the public record. Here is how we plan to use it.
Read more →More posts coming. Subscribe via LinkedIn for cross-posted versions.