Common HIPAA security gaps in small healthcare and dental practices, including MFA, backups, endpoint coverage, PHI handling, vendor access, and incident response.