Don't Run Six Checklists: A 25-Minute Sane Guide to AI + Healthcare GRC
Pran Mata
BSides Seattle 2026 · Day 1 · Track 1
Pran Mata, a senior security and compliance analyst at Headspace (the mental health app offering meditation, therapy, and psychiatry), presents a practical framework for collapsing the alphabet soup of compliance frameworks -- HIPAA, NIST CSF, HHS guidelines, executive orders, NIST AI RMF, and ISO 42001 -- into five shared outcomes that can be assessed once and mapped across all frameworks simultaneously. The core argument is that treating each framework as a separate project creates duplicative work, slows delivery, and still fails to produce confident results.
AI review
A well-structured GRC process talk that collapses six compliance frameworks into five shared outcomes for healthcare AI governance. Solid operational advice for compliance teams but zero offensive or defensive technical depth. The AI-specific risk section (prompt injection, jailbreaks, context leakage) is acknowledged but not explored beyond definitions. This is a compliance process talk, not a security research talk.