I work at the intersection of cybersecurity, compliance, and technology. And I’ve learned that the hardest part is rarely the technical problem. It’s getting people aligned, cutting through the noise, and building something that actually sticks.
I’ve done it hands-on and at the strategy level. Built controls from scratch, run compliance programs, helped teams navigate risk without drowning in frameworks. I care about being straight with people, keeping things simple, and making sure the humans behind the systems aren’t an afterthought.
Building Practical Solutions
Exploring technology, cybersecurity, and life with strategy, discipline, and transparency.
Manju Mayachar
Virtual CISO & GRC Consultant
We're Deploying AI Like It's Been Tested. It Hasn't.
An elderly Medicare patient needs post-acute rehabilitation care. Their doctor says so. The hospital says so. UnitedHealthcare’s AI model disagrees.
A class action lawsuit filed in November 2023 alleged that UnitedHealth’s algorithm, called nH Predict, was denying rehabilitation coverage to seriously ill patients at scale, including cases involving feeding tubes and severe pressure wounds. The lawsuit alleged that nine out of ten of those denials were overturned on appeal. A U.S. Senate Permanent Subcommittee on Investigations report, published in October 2024, found that UnitedHealthcare’s prior authorization denial rate for post-acute care jumped from 10.9 percent in 2020 to 22.7 percent in 2022, as the company was implementing automated review processes. The lawsuit further alleged UnitedHealth knew about the error rate and kept using the model anyway, because only 0.2 percent of denied patients actually appeal.
...
PCI Scoping in Hybrid Cloud Environments
PCI DSS version 4.0 puts fresh attention on scoping through Requirement 12.5.2.
You now need a formal scoping exercise at least once a year and after major changes, and you have to be able to explain and defend it.
That is hard enough in a simple on-premises setup.
In a hybrid world with cloud services, shared tools, and legacy systems, it can feel messy and unclear.
...
Compliance as Code
The future of GRC is technical. As cloud systems grow more complex, companies need controls that scale. This post explores how Compliance as Code helps GRC teams move faster, stay accurate, and work directly with engineers.
From GRC Analyst to GRC Engineer: Why Compliance Alone Doesn’t Cut It Anymore
The role of GRC is changing. Today’s SaaS companies need more than policy writers—they need GRC engineers. Here’s why.
How 'The Assist' Became My Leadership Philosophy
A leadership philosophy shaped by lacrosse, Auth0 values, and real-world security work.