Eighty-two percent of data breaches in healthcare don't happen because of a sophisticated nation-state actor; they happen because a junior engineer accidentally left an S3 bucket open or pushed a cleartext JSON blob containing social security numbers to a shared staging environment.

We obsess over "zero trust" and "encryption at rest," but we rarely talk about the reality of the data lifecycle. If your lakehouse isn't architected for granular, row-level access control, you aren't HIPAA compliant—you’re just waiting for a forensic audit to end your career.

Most engineers treat AES-256 like a magic wand. They check the box for "Server-Side Encryption" on their S3 buckets and assume they’ve satisfied the Privacy Rule. They haven't. Compliance isn't about whether the disk is encrypted; it’s about who can see the decrypted contents and where that data manifests in your logs.

The mechanics of the pipeline

When building a lakehouse (think Databricks on Delta Lake or Snowflake), the "Gold" layer is where compliance goes to die. You have clean, joined, enriched data that happens to contain PHI. If you are still using simple IAM roles to govern access, you are doing it wrong.
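Row-level and column-level control on a Gold table, as an added example that is not code from the original post. It assumes Databricks with Unity Catalog row filters and column masks; every catalog, schema, table, and group name is hypothetical.

```sql
-- Added example. All object and group names are hypothetical.
-- Assumes Databricks Unity Catalog (row filters and column masks).

-- Constructed Gold table that contains PHI.
CREATE TABLE IF NOT EXISTS clinical.gold.patient_encounters (
  encounter_id BIGINT,
  facility_id  STRING,
  patient_name STRING,
  ssn          STRING,
  diagnosis    STRING
);

-- Constructed mapping table: which principal may read which facility's rows.
CREATE TABLE IF NOT EXISTS clinical.governance.facility_access (
  user_email  STRING,
  facility_id STRING
);

-- Row filter: auditors see every row; everyone else sees only rows for
-- facilities they are explicitly mapped to. An unmapped user gets zero rows.
CREATE OR REPLACE FUNCTION clinical.governance.encounter_row_filter(row_facility STRING)
RETURN is_account_group_member('phi_compliance_auditors')
    OR EXISTS (
         SELECT 1
         FROM clinical.governance.facility_access a
         WHERE a.user_email  = current_user()
           AND a.facility_id = row_facility
       );

-- Column mask: only a dedicated group ever receives the real SSN value.
CREATE OR REPLACE FUNCTION clinical.governance.ssn_mask(ssn STRING)
RETURN CASE
  WHEN is_account_group_member('phi_identified_readers') THEN ssn
  ELSE '***-**-****'
END;

-- Attach both policies to the table itself, so they apply to every query
-- path (notebooks, BI tools, jobs), not just one view.
ALTER TABLE clinical.gold.patient_encounters
  SET ROW FILTER clinical.governance.encounter_row_filter ON (facility_id);

ALTER TABLE clinical.gold.patient_encounters
  ALTER COLUMN ssn SET MASK clinical.governance.ssn_mask;
```

With these attached, a principal holding SELECT on the table still receives only the rows and column values the functions allow, which is the decision that bucket-level encryption and a coarse IAM role never make.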