VRC: AI Governance & Tabletop Exercises

Building Compliance That Holds Up Under Pressure

Author

Junie Talisay
February 04, 2026

New Podcast Episode:

Resilience isn’t built during an incident. It’s built before one happens.

Rob and Dawn unpack how tabletop exercises and AI governance work together to help organizations prove readiness, reduce risk, and respond with confidence when things go wrong.

In This Episode:

  • Why Tabletop Exercises Matter — how tabletops move organizations from assumptions to real-world readiness

  • Maturity-Based Tabletops — aligning exercises to your organization’s size, risk, and compliance maturity

  • Foundational to Advanced Scenarios — from policy walkthroughs to executive crisis simulations

  • Disaster Recovery & Business Continuity — validating RTOs, RPOs, failover, and recovery capabilities

  • Regulatory & Audit Defensibility — preparing evidence, documentation, and workflows that stand up to scrutiny

  • Cross-Functional Coordination — breaking down silos between IT, legal, HR, leadership, and operations

  • Threat-Informed Testing — using real-world attack paths and disruption scenarios

  • After-Action Reporting — turning tabletop findings into clear remediation and next steps

  • AI Governance on the Horizon — how governance and automation fit into long-term resilience

If your organization wants to move beyond check-the-box compliance and build real, tested resilience, this episode breaks down how tabletop exercises and governance frameworks make readiness measurable, repeatable, and defensible. Listen now!

Featured Article

Together with

Artificial Intelligence (AI) is everywhere, touching nearly every online interaction and becoming a key efficiency tool in healthcare and beyond. When AI handles sensitive personal information or Protected Health Information (PHI), the risks multiply quickly: potential data breaches, re-identification, bias, and regulatory violations can turn innovation into liability. If you haven't heard of AI Governance yet, you're already playing catch-up. It's essential for any organization using AI that touches PHI.

Official Definition: AI Governance is a structured framework of policies, processes, controls, oversight mechanisms, and best practices that ensure AI systems are developed, deployed, monitored, and managed responsibly.

In the Real World (Especially for HIPAA), if AI is used in your business and it processes or could access PHI, you need a comprehensive plan aligned with HIPAA's Privacy Rule, Security Rule, and Breach Notification Rule. This means addressing AI-specific risks like algorithmic bias, opaque decision-making, and enhanced cybersecurity threats. Partnering with experts like VanRein Compliance provides the guidance, education, and coaching to navigate this rapidly evolving tech and regulatory landscape. As it’s been said: “Many hands make light work.”

This Matters Now

AI isn't going away… it’s accelerating. Take proactive steps today to govern it responsibly, protect PHI, and avoid costly pitfalls. Your patients, your organization, and your reputation depend on it. Do not compromise.

Partner with VanRein Compliance to build or strengthen your AI governance program. We provide practical, human-guided support to help organizations protect PHI, reduce risk, and use AI with confidence. Reach out now for tailored support.

Compliance Feature

Navigating today's compliance landscape requires deep, "in-the-weeds" expertise and it's anything but boring. 2026 is shaping up to be a pivotal year, with major HIPAA updates on the horizon. Tough decisions lie ahead, including financial investments, but the cost of inaction far exceeds proactive steps you can take today.

AI Governance is now front-and-center in compliance efforts. If you've handled HIPAA documentation and audits before, get ready: AI-specific audits are being integrated into the process, and you can't afford to ignore them. Federal and state regulations are rolling out rapidly, with significant changes and updates expected in the first half of 2026, particularly around the long-awaited HIPAA Security Rule enhancements (proposed in late 2024/early 2025 and slated for potential finalization by May 2026).

These focus on mandatory cybersecurity controls, technology asset inventories, regular vulnerability scanning, penetration testing, and better protection of electronic PHI (ePHI) in an era of increasing threats, including those tied to AI systems. Staying on top of it all can feel overwhelming… but it doesn't have to.

VanRein Compliance has built its reputation on dignified, trusted, professional, no-compromise service with zero-defect goals. These aren't just words; they're how the VRC team operates every day. Recognizing the challenges ahead in 2026, we've developed comprehensive plans, policies, risk assessment procedures, security reviews, awareness training, and tabletop exercises to ease the transition into this new AI frontier.

We keep our clients, partners, and compliance family ahead of the curve, never playing catch-up. At the heart of our AI Governance approach is Humans-in-the-Loop (HITL) oversight, ensuring responsible, accountable use of AI while protecting PHI.

Take the first step today: Send an email ([email protected]) or reach out for a real conversation with one of our VRC experts. We'll demystify AI Governance in plain language you'll understand and value. We know the “unknowns” around AI can be intimidating. Let us remove the confusion and show you how to harness this powerful tool successfully, aligned with your hard work and compliance needs.

Don’t wait for regulations to catch up to you. Act now to protect your organization, your patients, your reputation, and your future. VanRein Compliance is here to guide you with confidence.

Sponsor Spotlight

Ship the message as fast as you think

Founders spend too much time drafting the same kinds of messages. Wispr Flow turns spoken thinking into final-draft writing so you can record investor updates, product briefs, and run-of-the-mill status notes by voice. Use saved snippets for recurring intros, insert calendar links by voice, and keep comms consistent across the team. It preserves your tone, fixes punctuation, and formats lists so you send confident messages fast. Works on Mac, Windows, and iPhone. Try Wispr Flow for founders.

Smarter news. Fewer yawns

Business news takes itself way too seriously.

Morning Brew doesn’t.

Morning Brew delivers a smart, skimmable email newsletter on the day’s must-know business news — plus games that make sticking around a little more fun. Think crosswords, quizzes, and quick breaks that turn staying informed into something you actually look forward to.

Join over 4 million professionals reading Morning Brew for free. And walk away knowing more than you did five minutes ago.

Podcast Essentials

YOUR WEEKLY PODCAST FEATURE

Winter Storm Tabletop: When Weather Becomes a Business Risk

Rob and Dawn walk through how organizations can prepare for winter storms and other disruptions using tabletop exercises, clear communication plans, and documented recovery processes that protect both people and operations.

Why Your Business Needs An AI Policy Before Chasing Certifications

Rob and Dawn break down why organizations should establish clear AI policies and governance first, before rushing toward certifications.

Newsletter Features

COMPLIANCE DISCOVERIES

Article 1:

Plan-Prepare-Perform: AI Governance and Disaster Risk Readiness That Hold Up

Article 2:

Restart to Rhythm: AI Governance in 2026

Article 3:

Focus Forward 2026: Restarting Compliance in Practice

A VanRein Compliance Reminder

Reply

or to participate.