Blog
EMS Cybersecurity Insights & Resources
Minimum Necessary in EMS Dispatch: What the Crew Actually Needs
A practical guide to HIPAA minimum necessary in EMS dispatch, radio communication PHI guidelines, and a dispatch script that keeps crews informed.
Auditing ePCR Access Logs: What Reasonable Review Looks Like
A practical guide to ePCR audit log review cadence, alerts that catch PHI snooping, and who should be responsible for looking.
Sanction Policies When a Medic Snoops in a PCR
HIPAA requires a written sanction policy for unauthorized PCR access. Here is what OCR looks for and a graduated framework that holds up in an audit.
HIPAA Workforce Screening and the EMS Hiring Gap
HIPAA 164.308(a)(3) requires workforce screening before ePCR access. State EMS certification alone is not enough. Here is where the gap creates audit risk.
Paper PCR Disposal Is Still a Real HIPAA Issue in 2026
Paper PHI is not a legacy problem. Dumpster diving is real, the fines are six figures, and most agencies are not tracking their paper trail. Here is the fix.
Charging Stations and Lockboxes for Issued Phones and Tablets: Physical Security That Carries HIPAA Weight
A tablet with an open ePCR session in an unsecured charging bay is a HIPAA exposure waiting to happen. Here is the hardware and policy fix.
Apparatus Bay Wi-Fi Is Not Station Wi-Fi: A Network Segmentation Story
Why the network the trucks join when they park needs to be different from the office network the chief uses.
ImageTrend, ESO, and Zoll Online: A Security-Posture Evaluation Framework
A vendor-neutral rubric for evaluating ePCR platform security at renewal time, with specific questions to send ImageTrend, ESO, and Zoll Online.
Working With an IT MSP That Doesn't Understand EMS
The operational realities your generalist MSP is missing, the contract addendum that closes the gap, and the boundary between IT and operations.
Tabletop Exercises That Don't Waste a Chief's Afternoon
Four EMS-relevant tabletop scenarios, the injection format that produces a decision list, and the after-action template that gets used instead of filed.