Playbook
Patient data is moving to the cloud and HIPAA mapping is not optional
A healthcare provider is moving clinical applications to Azure. The CIO needs every architectural pattern mapped to HIPAA controls before sign-off — encryption, access logging, PHI classification, and audit-defensible compliance attestation that survives a continuous audit.
Trigger — Cloud migration sign-off; HIPAA controls required.
Good outcome — Regulatory mapping baseline live, continuous compliance attestation, PHI classification end-to-end.