Identify HIPAA-aligned security gaps across identity, endpoints, cloud systems, email, backups, vendors, and patient data workflows.