Remember when it seemed exciting to find a communications tool that touted HIPAA compliance at the top of its feature list? “Is it secure?” was one of the first questions asked when evaluating medical communication technology. Now, 20 years after the Kennedy-Kassebaum Act was first passed, compliance is generally assumed. Of course, HIPAA compliance is critically important. It’s the law. But it now sits in the background, almost as part of the scenery, instead of prominently featuring in discussions about how a system works. It’s like airbags in your car; they’re legally mandated and you spend no more than a few seconds thinking about them when shopping for a new ride.