Skip to main content

Author: admin

Satya Nadella defends Microsoft AI data center plans against community backlash

Satya Nadella
Satya Nadella
  • Satya Nadella defended Microsoft’s AI data center plans amid community backlash at Build keynote.
  • Microsoft’s AI infrastructure aims to address environmental and economic community concerns.
  • Microsoft is spending heavily on data center expansion.

Microsoft CEO Satya Nadella used a conference keynote on Tuesday to defend against one of the biggest challenges to the company’s massive AI datacenter buildout: Community backlash.

AI data centers have become such a political flashpoint that more people in a recent Gallup poll said they’d rather live near a nuclear reactor. The data center boom has received criticism over growing power costs, environmental concerns, and the potential impact of AI on jobs.

Microsoft in January released a plan to build what the company called “community-first” AI infrastructure, making promises including that its data centers won’t raise electricity rates for residents.

“How do we ensure that the DCs do not increase electricity prices, making sure that we are replenishing all our water use, creating jobs in the local communities for the local residents, adding to the tax base, making sure we’re strengthening the communities by investing in local training and the nonprofits in the area?” Nadella said at Microsoft’s Build conference.

“Only when we live up to these principles, do the hard work around it, is when we earn the permission to go ahead and innovate and build,” he added.

During Tuesday’s keynote, Nadella said the company’s Azure cloud business spans more than 500 data centers in 80 regions, which he described as the “most expansive hyperscaler footprint out there.” Microsoft has added more data center capacity in the last 18 months than in the first decade of Azure, the CEO also noted.

Building these facilities, and packing them with AI chips, networking equipment and other gear, is hugely expensive. The biggest cloud providers are on course to spend hundreds of billions of dollars this year on data centers. Meeting Microsoft’s recent pledges could add to this cost.

During his talk on Tuesday, Nadella said Microsoft is using a cooling loop for its data centers that is filled once, which helps the facilities operate with almost zero water consumption.

“In fact, the daily water usage over the course of an entire year is roughly equivalent to what a single restaurant would use,” Nadella said.

Have a tip? Contact this reporter via email at astewart@businessinsider.com or Signal at +1-425-344-8242. Use a personal email address and a nonwork device; here’s our guide to sharing information securely.

Read the original article on Business Insider

Dunkin’ made people fall in love with its merch despite a menu that’s decidedly mid. That’s different from Starbucks.

Dunkin' tote bag next to six donuts.
The Dunkin’ tote I got free with the purchase of a half dozen donuts.
  • Dunkin’ gave away free tote bags this week. I coveted one. And got one.
  • Dunkin’ has done cheeky and ironic merch drops like track suits and wedding ring boxes.
  • People have an affinity for the brand with Northeastern roots in a way they don’t for Starbucks.

On Monday, I called a few of my local Dunkin‘ locations to ask if they still had the free tote bags available with the purchase of a half or full dozen donuts. One location was very confused by the call, one didn’t answer, and one said that yes, they had just one in stock. I raced over, and to my relief, I secured the bag.

The free tote was a limited-time promotion. Locations only got 20 bags each. It’s not the first Dunkin’ merchandise promotion, and certainly not even the most exciting. A branded tote bag is one of those things that you accumulate in life — not necessarily something you seek out.

But there was just something about the Dunkin’ tote that called to me. As far as totes go, it’s handsome. It came in pink or orange straps against white, an L.L. Bean-influenced style. I felt something deep in my bones, my soul, that I had to have it.

What was it about this tote back that activated something in me? Stanning a brand is cringe (see: Disney adults), and I live in fear of being cringe. So what made this different for me?

I have a few ideas.

Dunkin’s merch strategy works on Gen Z

The marketing for Dunkin’ has leaned into viral moments and Gen Z appeal in the last few years. In 2020, Dunkin’ got TikTok star Charli D’Amelio to act as spokesperson and sold viral donut-scented candles. Its menu is full of sweet iced drinks that chase trendy flavors like matcha and ube. Dunkin’ recently jumped on the “dirty soda” trend, combining Pepsi and coffee milk. (I tried it, along with some of its other newest drinks, and found it fairly disgusting.)

Part of this push to Gen Z is with limited merch drops over the last few years (young people love a “drop”). This winter, Dunkin’ gave away a single pink mitten to keep your hand warm while holding an iced coffee, a playful nod to the Northeast tradition of consuming iced coffee even in winter. (While this may have once been a New England thing, the rise of iced beverages is nationwide, and since 2021, iced drinks have outsold hot ones at Starbucks, even in winter months.)

Earlier this spring, Dunkin’ gave away a pink wedding ring box (with purchase of 25 or more Munchkins) as part of its “I Dough” collaboration with Vera Wang. The collection, available online, was bridal-themed, including a white silk robe and pajama set with little cups of iced coffee on the sleeves.

A spokesperson for Dunkin’ told me the brand leans into the playful aspect of its personality and believes its fans appreciate being in on the joke.

New England runs on Dunkin’ merch

Regional pride is certainly a factor here. Dunkin’ started in the Boston suburbs in the 1950s, and now has more than 14,000 locations worldwide, but the Northeast US still has the highest concentration of stores. Although its headquarters are still in Massachusetts, Dunkin’ is owned by the conglomerate Inspire Brands, which also owns Buffalo Wild Wings, Jimmy John’s, and Arby’s. In May, Inspire Brands confidentially filed for an initial public offering.

I’m not immune to all this, having grown up in New England, where Munchkins and a Box O’ Joe were a simple part of the fabric of life. Even so, I didn’t really think of Dunkin’ as being so aligned with Boston and New England until the last decade or so, when there seemed to be a shift in the public consciousness about Dunkin’ being part of the Masshole identity. Whether this shift was organic or pushed by Dunkin’s own marketing, it’s hard to say.

In 2024, Dunkin’ sold limited editions of the “Dunkings” tracksuit worn by Ben Affleck, Matt Damon, and Tom Brady in a Super Bowl ad. The suits sold out in minutes. The Massachusetts governor wore the tracksuit to an event. Affleck and Damon, who have lived in Los Angeles for nearly their entire adult lives, appeared in more Super Bowl spots for the chain in 2025 and 2026.

An orange door with a pink Dunkin' "D" as the knob.
A friend has a Dunkin’ “D” door in her apartment in Queens.

The ironic love of Dunkin’: It’s kind of bad

There’s something about Dunkin’ that engenders love and a fandom unlike, say, Starbucks. People love Starbucks, sure. But they don’t typically wear Starbucks tracksuits or bucket hats. (Starbucks is the US’s No. 2 restaurant chain — behind McDonald’s — with more than $29 billion in consumer spending in 2025, which was up 2% from the previous year, according to a report from EMARKETER, Business Insider’s sister company. Dunkin’ is No. 5, with nearly $13.5 billion in spending, up 5% from the prior year.)

There’s also a layer of irony in the love of Dunkin’ that’s different from loving a “good” coffee shop.

Dunkin’ is, and I say this with great affection, kind of crummy. Dunkin’ does not aspire for that high-end coffee shop experience that Starbucks is going for. The interiors often leave a little to be desired, the food’s consistency is questionable, and the coffee is love-it-or-hate-it.

That lower pretension and lower price point are part of its appeal. I would go so far as to say that its humble reputation holds particular sway among its New England fan base, where there are deep cultural taboos against displays of flashiness or luxury. There are, of course, status symbols that denote New England class striations, but these are often subtle and hard for outsiders to parse. Something as overt as loudly announcing your love of expensive coffee (expensive coffee certainly exists there!) would violate local norms.

This is my first piece of Dunkin’ merch, even after decades of happy Munchkin consumption. My colleague Juliana Kaplan owns a Dunkin’-inspired T-shirt. A Dunkin’-loving friend who grew up in Massachusetts was given one of the pink “D” door handles from an actual Dunkin’ location as a housewarming gift when she bought an apartment in Queens. There’s just something whimsical and silly about Dunkin’ merch that people love.

I am already using my Dunkin’ bag (I like to think of it as a Dunkin’ Birkin, or what I call … a Dunkin) and have already received compliments on it.

A day later, totes are selling for $30 to $50 on eBay, and other limited Dunkin’ drops are selling for even more. I’ve seen the single mitten for $75 on Facebook Marketplace, and a hat that was given out at Fenway Park with the Red Sox’s “B” logo on an iced coffee is going for $75-plus.

But me? I’ll never sell.

Read the original article on Business Insider

Internal Microsoft employee surveys reveal how sentiment is changing inside the software giant

Microsoft CEO Satya Nadella
Microsoft CEO Satya Nadella

Microsoft employees are feeling more “energized” and “empowered” to do meaningful work, and worse about coaching, feedback, and motivation from managers.

That’s according to a recent internal memo that highlights the results of the company’s latest employee surveys.

In the memo, Microsoft Chief People Officer Amy Coleman shared what she called the “top strengths” and “top opportunities” from employee surveys.

The company has increased performance pressure on staff in recent quarters. It’s also overhauled the HR organization responsible for pay and promotion policies, and offered a buyout for some employees who want to retire.

“While much of this feedback is encouraging, I also know we are in a time of intense and exciting change. Many of you shared feelings of uncertainty and pressure as the work evolves,” Coleman wrote in the memo, which was viewed Business Insider.

“The leadership team and I hear that, and we’re committed to being more transparent, communicating more frequently, and giving context wherever we can,” she added.

Employee Signals

In Microsoft’s twice-yearly “Employee Signals” survey, employees responded most favorably to the following questions:

  • I prioritize addressing security challenges in my role: 88 (+1 compared to the last survey)
  • I feel included in my team: 86 (+1)
  • My team acts in ways that reflect Microsoft’s culture: 86 (new question)

And least favorably to the following:

  • I have opportunities to broaden my experience in my current role: 79 (new question)
  • I have what I need to be productive in today’s work environment: 80 (+4 compared to the previous survey)
  • I see a clear link between my work and my org’s objective: 81 (new question)

Managers and leaders

In a separate annual survey focused on managers and leaders, 85% of employees answered favorably to a question about whether they’re confident in their manager’s overall effectiveness, the same percentage as the previous survey.

Employees responded most favorably to the following:

  • (Manager’s name) embraces new challenges to drive innovative solutions: 86 (+1 compared to previous survey)
  • (Manager’s name) creates an inclusive environment where everyone can do their best work: 86 (-1)
  • (Manager’s name) invites different perspectives and works to align our team: 85 (0)

And least favorably to the following:

  • (Manager’s name) coaches me through challenges in my day-to-day work: 76 (-5 compared to the last survey)
  • (Manager’s name) gives clear feedback to help me improve: 79 (-4)
  • (Manager’s name) motivates me to do my best work: 82 (-2)

Microsoft declined to comment.

Read the full memo:

My goal is to have an ongoing, open conversation with you about what it’s like to work at Microsoft. Today’s post is part of that, sharing what we’re seeing in our H2 Employee Signals results so we can have a dialogue about what’s most important to you.

Your day-to-day experience matters, and so much of it is shaped by your manager and leader. At the same time, I want to be transparent about how things are feeling across Microsoft – what’s working, where we’re making progress, and where we still have more to do.

Thank you to the 71% of you who took part in Employee Signals and shared nearly 265,000 comments. It helps us better understand where we are as a company right now.

What the data is telling us

Our Thriving score, feeling energized and empowered while doing meaningful work, rose 3 points to 79, with consistent progress across every element.

  • Top strengths: A sharp focus on addressing security challenges, feeling included on teams, and teams working in ways that reflect our culture. When asked what helps you do your best work, comments pointed to empowerment, teamwork, culture, communication, and customer focus.
  • Top opportunities: Expanding experiences in role, making sure you have what you need to be productive in today’s work environment, and more clearly connecting your work to broader org objectives. Comments surfaced challenges around strategy, communication, processes, customer focus, and speed of execution.

While much of this feedback is encouraging, I also know we are in a time of intense and exciting change. Many of you shared feelings of uncertainty and pressure as the work evolves. The leadership team and I hear that, and we’re committed to being more transparent, communicating more frequently, and giving context wherever we can.

Manager and Leader Signals

In April, many of you leveraged our annual Manager and Leader Signals survey to share feedback with your manager and skip-level leader to help them grow.

Highlights include:

  • Confidence in your manager remained strong at 85.
  • The top strength for our managers is embracing new challenges to drive innovative solutions. At the same time, one of our biggest opportunities is strengthening how managers coach and support others through their day-to-day challenges.
  • Nearly 368,000 comments recognized strengths in clarity, empowerment, and driving results, while also pointing to opportunities around transparency, communication, and career development.

Thanks again for sharing your feedback.

Have a tip? Contact this reporter via email at astewart@businessinsider.com or Signal at +1-425-344-8242. Use a personal email address and a nonwork device; here’s our guide to sharing information securely.

Read the original article on Business Insider

OpenAI researcher says early-career tech workers should treat jobs as test drives

A man, dressed in black pants and a green top, runs up a colorful bar graph in front of a graphic of a sunny day.
Job-hopping could help early-career engineers find their value, a top OpenAI researcher wrote on X.
  • An OpenAI researcher wrote an X thread defending “job-hopping.”
  • He said it could help early-career engineers find a fit and know their value before committing to a company.
  • Still, it’s a tough time to job-hop, especially in the tech sector, recent data suggests.

Gabriel Petersson said he doesn’t think young workers need to avoid the dreaded “job-hopper” label.

In several X posts on Sunday, the OpenAI researcher said young tech workers should test out different teams before anchoring themselves to one company.

His view: early-career engineers need data points — on research projects, culture, and their own market value — before making a long-term bet. He called the traditional stay-put advice “braindead.”

“Please don’t take the advice that you should stay at a company long and ‘not hop around’ for your first jobs,” he wrote.

Recruiters have traditionally warned against job-hopping — or, relocating to new positions and companies every one to three years — because it can call a worker’s commitment into question.

Petersson said he doesn’t agree with that advice, suggesting that other young engineers instead take a fast approach to building their careers.

“Just tell people you are looking for internship or you want to ‘try working together for a month’ or say you’re a contractor,” he wrote, saying that hopping can result in “huge wins for everyone that all sides have information so you can price yourself in.”

Petersson himself hopped around before landing an AI research position at OpenAI in 2024, when he was 23, according to his GitHub profile. Before that, he worked as a software engineer at Dataland and Midourney for less than two years each, according to his LinkedIn profile. He dropped out of high school in Sweden at 17 to focus on building AI start-ups.

He isn’t the only tech personality to make the case for job-hopping. In April, when asked to grade some common career advice, Ryan Roslansky, LinkedIn’s former CEO, gave job-hopping for more money an “A.”

A tough job market raised the stakes for young workers

Still, the suggestions land at a tough moment for young workers, especially in tech. Tech companies, including Meta, Oracle, Microsoft, and Block, have announced major layoffs in recent months. Challenger, Gray & Christmas, a layoff-tracking firm, said that while fewer employers are cutting jobs overall this year, layoffs in the tech sector are up 40%.

Entry-level and engineering jobs have also been hit hard by AI, making the post-college job hunt harder for many young Americans — and raising the stakes for those who do land a role.

But Petersson said some of the best engineers he knows spent years at early jobs that, in hindsight, were not valuable stepping stones. He gave the example of an engineer spending “2.5 years at a startup” after college, making $80,000, before later landing a multimillion-dollar deal.

He said that some workers do strike it rich by joining the right company early. He wrote that a small number of people end up at a frontier AI lab or as early engineers at fast-growing startups, making life-changing money.

“These are extremely rare,” he wrote. “Ask any great engineer and you’ll realize how many years they wasted with bad companies.”

Petersson and OpenAI did not immediately respond to requests for comment.

Read the original article on Business Insider

This startup founder says he works 7 days a week, keeps a mattress in the office, and sleeps 3 hours a night

A corgi is pictured.
Corgi cofounder Nico Laqua (not pictured) said he has a mattress in the startup’s office and often showers at Equinox.
  • Corgi cofounder Nico Laqua said he sleeps in the office, often gets 3-4 hours of rest, and doesn’t take weekends off.
  • “I would rather measure my lifespan in victories than years,” he said on the “20VC” podcast.
  • Laqua is one of many AI founders flaunting their hardcore work schedules.

Nico Laqua said he’d rather shave years off his life than see his startup fail.

He cofounded Corgi, an AI insurance company, in 2024. Corgi became a unicorn in May, raising its Series B at a $1.3 billion valuation — before raising a Series B1 round at a $2.6 billion valuation three weeks later.

To reach such heights, Laqua said he keeps an unusually strict schedule, where he works seven days a week, sleeps in the office, and gets around three hours of shut-eye.

On an episode of the “20VC” podcast released Saturday, host Harry Stebbings asked Laqua: “Would you rather Corgi was a trillion-dollar company, but you died at 50, or it was a fail, and you live till you were 80?”

“The answer to that is pretty easy,” Laqua said. “I’m dying either way.”

Laqua’s outlook is part of a bigger trend in tech: the locked-in, “grindset” style of work. Founders are embracing the ‘996’ schedule — 9 a.m. to 9 p.m., six days a week — and cutting out alcohol and sex.

But Laqua takes it to an extreme. Here’s what he told Stebbings on the podcast:

He isn’t sleeping much

Laqua said he has a mattress on the floor of the Corgi office. His employees call it “Nico’s room.”

“I don’t spend every single night there anymore,” he said. “I used to shower at the Equinox one street over, and they close very early, like 8 p.m. on Fridays. So, that was unpleasant.”

Other startup founders are also embracing the office bed. When Business Insider toured young founders’ apartments in September, several pointed to couches and blow-up mattresses in their offices.

While the fusion of work and life may work for some, it can also cause burnout.

Laqua also said that he isn’t sleeping much. He said that he gets three to four hours of sleep a night. “I would rather measure my lifespan in victories than years,” he said.

The 7-day workweek

Some leaders want a four-day workweek. Laqua aims for seven.

“Whatever you can get done in five days, I promise you you’ll get more done in six and seven,” Laqua said. “You should go all out.”

Laqua said that high-growth startups in San Francisco have full offices on the weekends. “I don’t think it’s a coincidence.”

That doesn’t mean Corgi workers can’t take a rest day. Laqua said that its employees take a day off “every now and then” — but that they don’t have a ritualized weekend of rest.

“If your days off happen to be Saturday and Sunday every week, then you will not have a place at Corgi,” he said.

Linear cofounder Karri Saarinen wrote on X that Laqua’s thinking represented that of young founders “where the startup becomes their identity.”

“They have a hard time doing anything else, and cannot understand that your work is not the person that is you,” Saarinen wrote. “But activities outside of work can grow you as a person too and make you do better work.”

Laqua responded: “If you’re obsessed with a problem, you work hard.”

Those doggy tattoos

When Stebbings shared the interview online, he included one extra detail: that “2/3 of the first 30 team members have the Corgi logo as a tattoo.”

The statistic is not discussed in the interview. In September, Laqua told the Wall Street Journal that “two-thirds of our early employees got Corgi tattoos.”

Corgi has 177 employees, per PitchBook. Laqua and Corgi did not respond to requests for comments from Business Insider.

The tattoos stirred up debate online. “Imagine getting a tattoo all for building B2B SaaS,” wrote Coinbase’s Richard Wu. Former Lovable engineer Tiger Abrodi called it a “clown show.”

Others seemed intrigued. OpenClaw chief architect Vincent Koc quoted the line on X, added “Hmmmm,” and tagged the agent’s creator, Peter Steinberger.

On the podcast, Laqua emphasized the importance of strong branding.

“The cosmetic stuff does matter,” he said. “There’s a reason why governments and religions and all of the really important things tend to care about symbols.”

Would you work at a company with the expectation of a seven-day workweek? Let us know below:

Read the original article on Business Insider

5 Best HIPAA Compliance Software for Healthcare: Secure, Audit-Ready Platforms

5 Best HIPAA Compliance Software for Healthcare: Secure, Audit-Ready Platforms

5 Best HIPAA Compliance Software for Healthcare: Secure, Audit-Ready Platforms

This article compares five leading HIPAA compliance software platforms for healthcare organisations.

1. Vanta: best for automation-first healthcare tech teams (especially Business Associates)

Vanta is a trust management and compliance automation platform built for teams that want HIPAA to run like an always-on system check, not a once-a-year scramble. It is a strong fit for cloud-native healthcare SaaS companies and other Business Associates handling ePHI that also need to scale into SOC 2, ISO 27001, or HITRUST over time.
screenshot of the Vanta user interface
HIPAA coverage note: Vanta supports the HIPAA Security Rule and Breach Notification Rule, but it does not cover the HIPAA Privacy Rule. That distinction matters. If you are a Covered Entity (like a hospital system, health plan, or clearinghouse) and need Privacy Rule workflows in the platform, you will likely need a different tool.

Where Vanta stands out is automation depth. It connects to 400+ cloud and DevOps services and runs tests on a frequent cadence (about every 1 to 2 hours), using a HIPAA program mapped to 73 controls with roughly 123 automated and manual tests. In practice, that means you can continuously verify common requirements like MFA, encryption, access provisioning, and device posture, receive instant alerts whenever a control test fails—a workflow detailed in Vanta’s risk tracking module—and route issues into tools like Jira for remediation.

Vanta also covers the administrative side that tends to eat up time:

  • Policies: 18 total policies, including 6 HIPAA-specific, with tooling to customize and manage updates.
  • Training: Built-in HIPAA training is included, with an option to integrate with KnowBe4 if you want deeper security-awareness content.
  • Vendor and BAA tracking: BAAs and vendor risk can be managed through Vanta’s vendor risk management workflows, so third-party compliance does not live in scattered folders.
  • Breach readiness: Includes templates and workflows aligned to breach-notification obligations for Business Associates.

If you are running more than one framework, Vanta’s control mapping can materially reduce rework. For many teams, HIPAA overlaps meaningfully with SOC 2, ISO 27001, and HITRUST, so you can reuse evidence and controls rather than rebuilding your program from scratch.

Implementation and audit readiness: HIPAA in Vanta is self-attested, so there is no external HIPAA audit timeline to manage. Teams starting from zero typically get stood up in a few weeks to a few months, and organisations with an existing SOC 2 program can often move faster because a portion of controls are already satisfied.

Pricing: HIPAA can be included as a package framework or priced as a $5,000 per year add-on, with total first-year costs commonly landing in the $10,000 to $15,000+ range depending on company size and add-on modules.

Pros: deepest automation in this list (400+ integrations and frequent test cycles), strong cross-framework reuse if you are doing HIPAA plus SOC 2 or HITRUST, and self-attestation avoids audit fees and scheduling bottlenecks.

Cons: no Privacy Rule support (a deal-breaker for many Covered Entities), no native EHR integrations like Epic or Cerner out of the box, and it can be overkill for small clinics that do not run a cloud-heavy stack.

Customer proof: Hummingbird Healthcare achieved SOC 2 Type 1 plus HIPAA in 3 months. Other reported outcomes include Modern Health saving 100+ hours annually, Vibrent Health reducing vendor review time from 100 hours to a few hours per week, and ITx Companies seeing 41 per cent of HIPAA controls pre-populated from an existing SOC 2 program.

2. Compliancy Group (The Guard): best for clinics that want hands-on coaching

Compliancy Group’s platform, The Guard, is built for healthcare organisations that want a guided path to HIPAA compliance with a real person in the loop. If your biggest bottleneck is not tooling, but knowing what to do next and how to document it correctly, this is one of the most straightforward options on the market.
screenshot of the Compliancy Group user interface
Best for: small to mid-sized healthcare practices that want a step-by-step workflow and ongoing support, especially teams without dedicated IT or compliance staff.

Unlike many “compliance automation” platforms that focus primarily on technical evidence collection, Compliancy Group emphasises complete HIPAA program coverage. The Guard supports the Security Rule, Privacy Rule, and Breach Notification Rule, and also offers an OSHA add-on for healthcare organisations.

Core capabilities centre on helping you build and maintain the administrative backbone HIPAA expects:

  • Security Risk Analysis (SRA): guided risk assessments with corrective action planning, typically completed in 30 days or less on average (vendor case-study data), with your coach helping you keep momentum.
  • Policies and procedures: a library of 500+ templates you can customize to your environment.
  • Workforce training: built-in training with completion tracking, so training records are not trapped in spreadsheets.
  • Vendor and BAA tracking: tools to manage vendors and agreements, plus reminders around renewals.
  • Incident management: workflows to document and track incidents and potential HIPAA violations.

Automation depth: high for documentation workflows, training tracking, and program management. It is not designed for real-time technical monitoring of your infrastructure (for example, continuously verifying MFA, encryption settings, or cloud configuration drift). If your main goal is automated technical evidence collection across cloud systems, you will still need additional security tooling or a different platform category.

Implementation and rollout: many organisations use the coach-led workflow to complete their initial SRA quickly, then expand into policies, training, vendor management, and incident documentation over the next 1 to 3 months depending on size and complexity.

Pricing: Compliancy Group introduced modular pricing in May 2025 starting at $99 per month, letting practices choose the pieces they need. Previous “full suite” pricing was often positioned closer to the mid-hundreds per month, so the new packaging is a meaningful shift for smaller clinics.

Pros: dedicated coach support throughout the process, full HIPAA coverage including the Privacy Rule, and a large policy template library backed by long healthcare compliance experience.

Cons: limited technical integrations and no continuous infrastructure control testing, plus a coach-driven model that can feel slower for teams that prefer fully self-serve execution.

Stand-out differentiator: the assigned live compliance coach. For many clinics, that is the difference between “we bought software” and “we finished the program.”

Customer proof: Compliancy Group positions itself as serving 4,000+ organisations and cites a 100% client audit pass rate claim, alongside strong category positioning on G2 for healthcare compliance.

3. Accountable HQ: best for a self-serve, tiered HIPAA program that grows with you

Accountable HQ is a practical choice when you want a single portal for HIPAA basics, but you are not ready for an enterprise GRC rollout. It is built for clinics and healthcare startups that prefer a self-serve workflow, with higher tiers adding more security-forward features as your program matures.

screenshot of the Accountable user interface
Best for: small to mid-sized practices and digital health teams that want full HIPAA coverage (including the Privacy Rule) with a clear upgrade path from “baseline compliance” to more proactive monitoring.

Accountable HQ covers HIPAA Security, Privacy, and Breach Notification requirements, and bundles the day-to-day components most teams need to prove they are operating a real program:

  • Security risk assessment: a guided Security Risk Assessment workflow included in all plans.
  • Policies and procedures: policy generation and management tools across tiers.
  • Training: HIPAA training plus security awareness training in the Basic tier, with additional courses available in higher tiers.
  • BAA and vendor management: BAA management is included, and the Plus tier adds vendor discovery and shadow IT detection.
  • Incident and breach readiness: incident-response tooling is included, with the Plus tier adding data breach monitoring.

Automation depth: moderate. Accountable HQ includes an AI Compliance Copilot across all tiers, and the Plus tier adds more “push-button” security workflows like phishing simulation, MFA and access controls review, and data breach monitoring. The Pro tier goes further with vulnerability scanning twice per year and penetration testing once per year. What it does not offer is the kind of deep, always-on evidence collection you get from platforms built around large-scale cloud integrations.

Implementation timeline: Accountable HQ advertises an average of 30 days to compliance (vendor claim), and you can start immediately via a 7-day free trial.

Pricing: Accountable HQ uses a tiered subscription model with included employee counts and per-seat add-ons:

  • Basic HIPAA: $169/month on annual billing ($199/month monthly), includes 15 employees, then $9 per additional seat
  • Plus: $254/month annual ($299/month monthly), includes 15 employees, then $15 per additional seat
  • Pro: $679/month annual ($799/month monthly), includes 20 employees, then $19 per additional seat
    Month-to-month pricing is listed as higher than annual, and plans are positioned as cancel-anytime.

Pros:

  • Full HIPAA rule coverage, including the Privacy Rule, which makes it viable for Covered Entities
  • Strong value in the Plus tier for the price point, including phishing simulation, vendor discovery, and breach monitoring
  • Clear pricing and packaging, with a fast way to trial the product

Cons:

  • Not a multi-framework platform (no SOC 2, ISO 27001, or HITRUST program mapping)
  • Limited deep technical integrations compared to cloud-native compliance automation platforms
  • Per-seat pricing can climb quickly as you scale headcount

Stand-out differentiator: the Plus tier bundles several proactive security features that many HIPAA tools reserve for higher-priced plans, including phishing simulation, vendor discovery/shadow IT detection, MFA review, and data breach monitoring.

Customer proof: Accountable HQ states 10,000+ companies use the platform (vendor claim) and positions the product around a 30-day average time to compliance (vendor claim), with “audit protection” included in plans.

4. HIPAA One (Intraprise Health): best for audit-grade risk analysis

HIPAA One, now part of Intraprise Health, is built for organisations that need a defensible, auditor-ready Security Risk Analysis (SRA) and want the output to match what regulators actually look for. This is less about lightweight policy wizards and more about producing a risk analysis that stands up under scrutiny across multiple facilities, business units, and affiliates—essentially functioning as a comprehensive risk assessment and management software approach.
screenshot of the HIPAA One user interface
Best for: hospitals, health systems, and multi-site networks that want an OCR-aligned SRA with enterprise reporting, weighted scoring, and roll-up visibility.

HIPAA One’s core strength is that its SRA workflow mirrors the OCR audit protocol closely, and it is grounded in NIST methodology (including NIST SP 800-66 alignment). That gives compliance and security leaders a clear line from “requirement” to “evidence” to “remediation plan,” which is exactly what you need when leadership asks, “Are we audit-ready?”

What it covers depends on the modules you deploy, but the platform supports full HIPAA program needs across:

  • Security Rule: the SRA experience, including automated risk calculation, prioritisation, and remediation planning
  • Privacy Rule and Breach Notification: supported through dedicated modules (for example, Privacy and privacy/breach risk assessment functionality)
  • Business associate workflows: contract and agreement management via a Business Associate Manager (BAM) capability
  • Workforce training: a training module is available, with progress tracking and reporting

On the automation front, HIPAA One is strong at streamlining assessments and enterprise coordination. It can accelerate year-over-year work by carrying forward prior assessment data, and it supports parent-child roll-ups so multi-entity organisations can view results at the facility level and the system level. It is not positioned as a “connect to every cloud service and test controls hourly” platform. The automation is primarily assessment workflow, scoring, and reporting, not continuous technical control testing across your infrastructure.

Implementation: timelines vary by delivery model. Intraprise Health offers self-service, hybrid, and managed services approaches, which lets organisations choose between software-led execution and deeper expert involvement. Case-study data cited in the draft suggests meaningful time reductions after rollout (for example, a reported 65 per cent reduction in SRA preparation time in one deployment).

Pricing: enterprise pricing is typically quote-based, and overall cost depends on modules and whether you choose managed or hybrid services.

Pros:

  • OCR-audit-protocol alignment and NIST-based approach create a more defensible SRA
  • Built for multi-site complexity, including roll-up reporting across sub-entities
  • Flexible delivery models (self-service, hybrid, managed) to match internal resourcing

Cons:

  • Enterprise packaging and services can make total cost high for clinics and small practices
  • Monitoring is largely compliance-process and assessment focused, not real-time infrastructure scanning
  • Some functionality may be modular depending on your package, which can increase complexity during procurement

Stand-out differentiator: HIPAA One is purpose-built to generate an SRA in the format and depth auditors expect. If your priority is “audit-grade SRA with enterprise reporting,” it is one of the most direct fits in this list.

Customer proof: Intraprise Health positions HIPAA One as used by 16,000 users across 10,000+ healthcare organisations, and cites a 100% OCR acceptance rate claim, along with additional case-study improvements in SRA efficiency (vendor-stated metrics).

5. Clearwater IRM|Pro: best for enterprise-scale risk governance (plus managed security)

Clearwater IRM|Pro is built for healthcare organisations that need more than a HIPAA checklist. It is a fit when your program spans thousands of assets, multiple facilities, medical devices, and third parties, and you want a single partner that can deliver both the platform and the expertise to run it.
screenshot of the Clearwater user interface
Best for: enterprise health systems, IDNs, hospital chains, and large practice management groups that want healthcare-specific risk modelling and the option to pair it with advisory services and managed security.

Clearwater’s HIPAA coverage is delivered through a suite of modules designed to map to the real shape of a healthcare compliance and security program:

  • IRM|Analysis: Security Risk Analysis (SRA) aligned to NIST and designed to be OCR-quality, covering ePHI assets and medical devices.
  • IRM|Security: Security Rule compliance assessment workflows.
  • IRM|Privacy: Privacy Rule and Breach Notification Rule coverage.
  • IRM|405(d) HICP: alignment to the industry-recognised cybersecurity practices published under HICP.

Where Clearwater differs from lighter HIPAA tools is in how it treats “continuous monitoring.” The software supports enterprise-wide risk calculation, prioritisation, and executive reporting, but the always-on component comes from Clearwater’s broader delivery model. Clearwater also offers managed security services with a 24/7 SOC, plus managed cloud services for Azure environments. For CISOs, that means you can combine compliance reporting, risk remediation planning, and active security operations under one vendor relationship.

Automation depth: high for enterprise risk modelling and reporting, and operationally continuous when paired with the managed services layer. This is not a self-serve compliance automation product built around hundreds of plug-and-play integrations. It is a healthcare-focused platform that becomes most valuable when used alongside Clearwater’s advisory and managed security capabilities.

Multi-framework support: Clearwater’s software is healthcare and HIPAA centred, with additional alignment to NIST and 405(d) HICP. Broader frameworks like HITRUST and SOC 2 are typically supported through Clearwater’s compliance services rather than out-of-the-box cross-framework control mapping.

Implementation: expect a multi-month rollout for enterprise organisations. Deployment usually includes discovery and inventory, risk analysis, remediation planning, and establishing ongoing governance rhythms. Managed services run continuously once engaged.

Pricing: Clearwater is positioned at a six-figure total cost of ownership and is sold through a consultative process. The expert research notes an estimated annual investment in the $150k to $500k+ range for a mid-size health system depending on scope, modules, and services.

Pros:

  • Deep healthcare-specific risk modelling across servers, IoMT, third-party portals, and medical devices
  • Full HIPAA program coverage via dedicated modules, including Privacy and Breach Notification support
  • Option to pair compliance governance with a 24/7 SOC and managed security services for a unified operating model

Cons:

  • Cost and scope make it impractical for small clinics and early-stage startups
  • Value depends on time and engagement; it is not “buy it and you are done” software
  • Less oriented toward plug-and-play cloud evidence collection compared to automation-first compliance platforms

Stand-out differentiator: Clearwater is the only option in this list that combines enterprise compliance software with a full managed security practice, including a 24/7 SOC. If you want a platform plus a partner to help operate the program, that is the defining advantage.

Customer proof: Clearwater cites 500+ customers, 20+ years focused on healthcare cybersecurity, and recognition including 2026 Best in KLAS for Security & Privacy Consulting, Black Book #1 (survey of approximately 2,000 executives), and MSSP Alert Top 250, alongside a 100% OCR success rate claim (vendor-stated metrics).

Quick-scan comparison

Use this table to narrow your shortlist fast, then validate fit in demos based on your HIPAA rule coverage needs (especially Privacy Rule), automation expectations, and budget model.

Platform Ideal for Stand-out strength Deployment Starting price*
Vanta Cloud-native health-tech teams and Business Associates 400+ integrations, frequent automated testing SaaS HIPAA included as a package framework or $5,000/year add-on (total varies by add-ons)
Compliancy Group (The Guard) Clinics that want a human coach Dedicated coach plus full HIPAA (including Privacy Rule) SaaS from $99/month (modular pricing)
Accountable HQ Practices that want self-serve, tiered HIPAA Tiered plans with AI Copilot and strong Plus-tier add-ons SaaS 7-day free trial, then from $169/month (annual)
HIPAA One (Intraprise Health) Multi-site hospital networks OCR-aligned, audit-grade SRA with roll-up reporting SaaS Quote required
**Clearwater IRM Pro** Large IDNs and enterprises Enterprise risk governance plus managed security options SaaS or hybrid
*Prices reflect publicly listed rates where available, otherwise vendor quotes. Figures can vary by modules, organisation size, and service level.

Conclusion

HHS’s January 2026 draft HIPAA Security Rule update would make full encryption and multi-factor authentication (MFA) mandatory for every system that touches ePHI. The final text is expected later this year, with a 180-day compliance window, so you will need proof fast, not promises.

The threat side is moving just as quickly. Ransomware hit small providers six times more often in 2025 than in 2021, and the average healthcare breach now tops USD 10.9 million. Continuous monitoring is often cheaper than a single incident response.

Practical steps to stay ahead:

  1. Embed continuous risk monitoring. Connect your compliance platform to EHRs, cloud accounts, and mobile-device managers so drift triggers an alert, not a post-breach report.
  2. Run quarterly tune-ups. Block two hours each quarter to review the live risk dashboard, close red items, and export an audit snapshot. Four short sprints beat one frantic year-end scramble.
  3. Audit MFA and encryption coverage now. When the Security Rule is finalised, you will need evidence that every endpoint and user meets the standard.
  4. Map HIPAA controls to a second framework. Aligning with NIST CSF or HITRUST today earns “recognised security practices” safe-harbour credit if an OCR investigation follows a breach.

Next move: use the evaluation checklist above, pick two platforms that match your size and tech stack, and schedule demos this week. A small investment now can help you avoid seven-figure losses—and many sleepless nights—later in 2026.

The post 5 Best HIPAA Compliance Software for Healthcare: Secure, Audit-Ready Platforms appeared first on IoT Business News.