November 6, 2025

What’s Really Breaking HIPAA Compliance: People, Processes, or Systems?

In our latest live discussion, we explored one of the most pressing questions in healthcare compliance today - why does HIPAA compliance keep failing, even in organizations with all the right policies in place?

This insightful conversation was part of ZUNO’s ongoing series on the future of compliance learning, where we bring together top experts to bridge the gap between documentation and true understanding.

Featured Guest: Ross A. Leo

We were joined by Ross A. Leo, one of the most experienced voices in the HIPAA and HITRUST landscape.

With over 35 years of experience across IBM, NASA, and St. Luke’s Episcopal Hospital, Ross has led major cybersecurity and compliance initiatives, including developing the world’s largest private cloud-based telemedicine network in Texas - connecting 116 sites and managing 350,000 patient records.

He also served as Chairman of the Curriculum Development Committee for (ISC)², where he helped create the original CISSP curriculum still used globally today.

Key Takeaways

Here are some of the most powerful insights Ross shared during the conversation:

  • Compliance isn’t failing because of regulations - it’s failing because of people and systems. Healthcare organizations are in the business of treating patients, not IT. That dependency creates vulnerability if compliance isn’t built into daily operations.

  • Breaches hurt patients first, not just institutions. Beyond fines and penalties, cyberattacks disrupt care, delay treatments, and erode patient trust - the most human cost of compliance failure.

  • Size doesn’t matter in compliance. Smaller organizations are often used as “stepping stones” for larger attacks. Every entity in the healthcare chain is part of the same ecosystem of trust.

  • The ROI of compliance lies in efficiency. Good compliance systems eliminate redundancy, simplify workflows, and create measurable operational savings - not just avoid fines.

  • Culture beats checklists. True compliance comes when employees understand why it matters, not just what they need to do.

  • Technology helps, but strategy matters more. AI and automation hold promise, but adopting tech without a clear problem to solve is “a recipe for failure.” Compliance should serve people, not the other way around.

Watch the full webinar

https://youtu.be/6G3VDV9Gj_w?si=-p4kzMn0QQg-7yA0 

Why ZUNO cares about HIPAA compliance

At ZUNO, we help organizations transform complex compliance requirements - like HIPAA - into interactive, mobile-first learning experiences that drive real understanding and accountability.

HIPAA is more than a regulation; it’s a model case for why compliance learning must evolve. It combines policy, process, human behavior, and technology - exactly the intersection where most compliance programs struggle.

By rethinking how people learn compliance, we help companies move from “check-the-box” training to a culture of compliance where everyone knows why it matters.

What’s next: AI in Compliance 

Our next live discussion features Matt Kelly, CEO and Editor of Radical Compliance, exploring a new frontier: “AI in Compliance - Promise, Peril, and Practical Application.”

We’ll unpack how artificial intelligence can support compliance programs without compromising accountability or ethics.

If you’re passionate about building smarter, stronger compliance cultures:

Subscribe to our YouTube channel - https://youtube.com/@zunocompliance?si=z3p-pVJSWVNmwlGB
Follow us on LinkedIn - https://www.linkedin.com/company/zuno-games/

Because compliance isn’t just a policy - it’s a people practice.
