VRC: Govern Before You Grow
AI Policy, Security, and Real Readiness
New Podcast Episode:
AI is no longer experimental. It’s embedded in everyday business operations. In this episode, Rob and Dawn break down why organizations should establish clear AI policies and governance first, before rushing toward certifications. They unpack the real risks of unmanaged AI use and explain how the right frameworks build trust with customers, regulators, and insurers.
In This Episode:
AI Risk in Everyday Use — common business AI use cases and the bias, privacy, and security risks they introduce
Why AI Audits Matter — how audits uncover hidden gaps in training, data handling, and governance
EU AI Act & the U.S. Landscape — what global regulation looks like today and what businesses should prepare for
NIST AI RMF Explained — governance, map, measure, and manage as a practical risk framework
ISO 42001 Breakdown — the only certifiable AI management system and when it makes sense to pursue it
Policies Before Certifications — why documented AI policies and procedures are the foundation of readiness
Vendor Due Diligence & Trust — how AI, vendors, and trust centers impact customer confidence
A Stepwise AI Path — moving from policy → risk assessment → audit → certification with intention
If your organization is already using AI (or plans to soon) this episode offers a clear, practical roadmap for managing risk, building trust, and choosing the right level of assurance before regulators or customers force the conversation. Listen now!
Compliance Feature
Healthcare companies and services, along with vendors working with Protected Health Information (PHI), are being told to harden their systems.
Federal regulators kicked off 2026 by sending out new advice strongly encouraging firms and vendors to harden the software, systems and devices that handle PHI. The message from the U.S. Department of Health and Human Services is a reminder that treating security as one-and-done is a dangerous position.
Outdated software, unsecured devices and new technology like Artificial Intelligence (AI) are resulting in a significant spike in compliance problems and privacy breaches.
NEARLY 38,000 PERSONAL HEALTH DATA BREACHES SINCE JANUARY 2, 2026.
The Office for Civil Rights (OCR), which oversees and enforces HIPAA regulations, continues to publish breach data. OCR’s latest numbers do not kick off the new year in a good way. Federal authorities point to medical device security gaps and incomplete software updating and patching as leading contributors to these incidents.
Critical cybersecurity guidance is available from the U.S. Food and Drug Administration (FDA), and VanRein Compliance strongly urges IT teams to review and apply these recommendations as part of your security posture.
Collaborating with VanRein Compliance gives you an extra set of eyes and ears in your compliance effort. We work with you to maintain privacy and trust with your teams and clients, and to help keep you in a focus-forward mindset rather than becoming part of the problem.
Constantly monitor for unpatched vulnerabilities.
Maintain a tight, scheduled risk assessment position.
Review and update devices, inventories and policies on a consistent basis.
Create an atmosphere of “all eyes on” and awareness of HIPAA security risks.
Maintain open conversations across all areas and build strength. Everyone’s a deputy.
A consistent, human-guided compliance effort reduces incidents and helps limit organizational liability. The goal is not just to respond to risk, but to stay ahead of it.
Partner with VanRein Compliance to strengthen your HIPAA security posture, validate controls, and reinforce accountability across your organization. Let’s tighten compliance security together!
Contribution Corner
One part of my role on the VanRein Compliance team is monitoring trends in the compliance industry and understanding how they impact our clients and our company. A great deal of attention is currently focused on Artificial Intelligence (AI) and it’s coming in hot!
Spending a lot of time on airplanes recently made something very clear. You might wonder how being strapped into an airplane seat relates to protected information and compliance. Hear me out: AI is no longer the flight stuck in a holding pattern, circling the airport indefinitely. AI is the flight that is landing, no matter what, with 50 mph crosswinds. We all know that kind of landing probably won’t be smooth, but on the ground as the plane is hurtling forward at high speed, things can spiral out of control quickly without intense focus and deliberate effort.
AI is already touching patients, doctors, clinicians, telecommunications and ALL supporting industries and vendors. Without clear focus and intention, veering off the runway can happen fast and get messy. Moving forward, integrating AI into everyday operations is no longer optional in 2026. Your attention must be on:
AI uses and integration.
Selecting the right AI platform.
Ensuring that platform protects private information at every level.
Implementing guardrails and constraints to keep regulated data properly contained.
Educating your team and building human oversight into every stage of AI implementation.
These five priorities only scratch the surface of the AI universe and the opportunities it presents to strengthen compliance, build trust, and enhance reputation. Embedding AI into your organization’s “bloodstream” will involve a steep learning curve, but you can do it. It requires a true team effort, and collaboration is essential for success and accountability. Surround yourself with people who deeply understand this powerful tool and always act in your best interest. You cannot compromise on this.
Our clients know VanRein Compliance strives every day to set the standard across a broad spectrum of compliance disciplines. Coaching, training, trust, and focus win the day. AI is an amazing tool, but it’s people who will truly make it great.
Serving You,
RJ O’Connor
Chief of Staff
Podcast Essentials
YOUR WEEKLY PODCAST FEATURE
Restart to Rhythm: Building Compliance Readiness - Rob and Dawn explain why compliance readiness isn’t about restarting, but about building a consistent, operational rhythm that holds up when it matters most.
What Our Clients Can Expect From VRC in 2026 - Rob and Dawn pull back the curtain on the company’s 2026 theme, Focus Forward, and what that mindset means in real, practical ways for organizations partnering with VRC this year.
Newsletter Features
COMPLIANCE DISCOVERIES
Article 1: Restart to Rhythm: AI Governance in 2026
Article 2: Focus Forward 2026: Restarting Compliance in Practice
Article 3: Compliance in 2025 and What Changed


















