Help Me With HIPAA

482 episodes - English - Latest episode: 14 days ago - ★★★★★ - 61 ratings

In today's environment of data breaches, identity theft, fraud, and increasing connectivity, HIPAA Privacy and Security rules are a responsibility to your patients and your clients. HIPAA isn't about compliance, it's about patient care.

Business Technology hipaa businessassociate coveredentity privacy security

Episodes

Episode 30: Can I Be Sued Under HIPAA?

December 04, 2015 11:30 - 26 minutes - 36.7 MB

The HIPAA legislation itself does not include the option for individual patients to sue any CE or BA that may violate their privacy protections included in the law. HITECH added the ability for the State Attorney General offices to file a case on behalf of their constituents, however. The biggest change, however, is the ruling by several State Supreme Courts that allows a complaint to use HIPAA as a legal standard of care. That opens the door for all kinds of options. More details...

Episode 29: HIPAA Black Friday Sale

November 27, 2015 11:30 - 37 minutes - 51.7 MB

Everyone is ready for the great deals retailers offer on Black Friday and Cyber Monday. We have a list of low-cost and no-cost deals on HIPAA Security & Privacy tools for you! More details at helpmewithhipaa.com/29

Episode 28: Rise of The Machines, the Internet of Things in Healthcare

November 20, 2015 11:30 - 23 minutes - 32.9 MB

The Internet of Things (IoT) is already here; it isn't something that is coming. It is here and it is the future, and it will just become more prominent in our daily lives.

Episode 27: Six Things To Expect From HIPAA Compliant IT providers

November 13, 2015 11:30 - 38 minutes - 52.2 MB

If you expect your IT company to do certain things as a HIPAA compliant vendor, you are more likely to have the level of support you need. If you don't ask, then they may not be fully aware of what you need or what it requires to be HIPAA compliant themselves.

Episode 26: OCR CAP OMG

November 06, 2015 11:30 - 28 minutes - 39.4 MB

We review the latest OCR settlement CAP details.

Episode 25: Halloween Special - Scary HIPAA Stories

October 30, 2015 10:00 - 29 minutes - 40 MB

This week we get in the Halloween spirit and share some scary stories that make you have those compliance nightmares.

Episode 24: To BAA or not to BAA, that is the question....

October 23, 2015 10:30 - 37 minutes - 51.2 MB

Description: Business Associates and required BAAs are discussed often but not resolved quickly. Let's talk about some ideas and issues that go with BAAs. Links: FindHealthcareIT, HIPAAforMSPS.com, Kardon Compliance. Notes: Who is a BA? A business partner who provides a service to a CE or BA that requires them to CReMaT PHI. Anyone with persistent access to ePHI whether they do anything with it or not is irrelevant - the fact that they CAN do things is what matters. Complexity is increas...

Episode 23: If it moves - encrypt it.

October 16, 2015 12:41 - 35 minutes - 48.8 MB

Description: We explained the concepts of encryption in Episode 2: Let’s Talk Encryption but people continue to ask more about what they really need to do with encryption. Links: FindHealthcareIT; HIPAAforMSPS.com; Kardon Compliance; Episode 2: Let’s Talk Encryption; The government and privacy advocates can’t agree on what ‘strong’ encryption even means. Notes: First, what can encryption do for you and what it can't do for you. VPN, HTTPS, SSL, SFTP, etc. Protect communications from prying...

Episode 22: So you think you're covered by cybersecurity insurance. Well...

October 09, 2015 10:30 - 28 minutes - 39.5 MB

Cybersecurity coverage being challenged in court has some important points that all businesses should consider. Links: FindHealthcareIT, HIPAAforMSPS.com, Kardon Compliance, Help Me With HIPAA. Notes: COLUMBIA CASUALTY COMPANY v. COTTAGE HEALTH SYSTEM. Data breach occurred. Breach announcement said: Between October 8, 2013 and December 2, 2013, PHI of approximately 32,500 patients on the CE's servers were disclosed to the public via the internet. Hospital got voicemail message from a third ...

Episode 21: Where does your fruit hang?

October 02, 2015 10:30 - 38 minutes - 53.4 MB

Show Notes: If they were shocked that no one was actually watching for security holes at Ashley Madison, you can bet they will be shocked that you haven't been looking, because Healthcare is supposed to be private. Ashley Madison: Nobody was watching; Top 10 Tech Companies with Ashley Madison Accounts. What kinds of things do you need to do to actually be considered looking for them, though? HIPAA Compliant IT Router / Firewall test showed 600% Increase in Unique Vulnerabilities Discovered ...

Episode 20: Its The People, People

September 25, 2015 10:30 - 35 minutes - 48.8 MB

Show Notes: When it comes to securing anything, the weakest link in the chain is always people. People are the ones who make mistakes, over-share, and are also the criminals. This episode talks about what people can manage to do so you have to think of all kinds of things outside the norm. University of Pittsburgh MC BA breach after being hacked the year before. Employee of the billing service call center copied personal information from the billing system. 2,259 patients were then passed on...

Episode 19: I am vulnerable, too said your smartphone

September 18, 2015 10:30 - 42 minutes - 58.6 MB

Mobile devices are vulnerable just like your network, servers, laptops, and desktops. Your risk analysis should include checking on any types of messages, pictures, or access to your data that can be done on your smartphones. Even if you don't put PHI on them they may be able to be used against you in some way to crack your network and your PHI. Patches: Android updates and know your version of Android; Wipe leaves some stuff on old Android versions; iOS updates and know your version ...

Episode 18: Email isn't secure, really, it isn't

September 11, 2015 10:30 - 49 minutes - 45.2 MB

Let's review email systems and how they can be secured for ePHI and other sensitive data. Links: Find Healthcare IT, HIPAA For MSPs, Kardon Compliance, Alston Article on Email Security. Notes: Leigh from Florida sent us an email asking for us to explain some more specifics about email. She had been listening to Episode 8: HIPAA Myths Part 2, which mentioned it, but she had specific questions about how email can be secured. This couldn't be covered in a quick 5 minute HIPAA answer episode so we are doin...

Episode 17: Compliance Management with ComplyAssistant

September 04, 2015 10:30 - 40 minutes - 55.9 MB

Links: ComplyAssistant, FindHealthcareIT, HIPAAforMSPS.com, Kardon Compliance. Notes: Who is Gerry Blass? Been in healthcare for the long ride. Consultant for years. Now consultant and software company. ComplyAssistant - when did you start development and what was your vision for it? What kinds and size of clients do you have - hospital, practices, BAs and CEs of all types? ComplyAssistant features: Due Diligence for BAs, Contract management, Incident Management, Project Management, Documen...

Episode 16: Seven Steps for Nurturing a Culture of Compliance

August 28, 2015 10:30 - 36 minutes - 49.8 MB

Culture of compliance is the phrase OCR uses when defining what they are looking for in an audit or investigation. They also use the phrase robust compliance program in the same manner. Using these steps is a great way to make sure your organization is following their lead. Links: ComplyAssistant Compliance Management Solution, Spher EHR Access Monitoring Solution, FindHealthcareIT, HIPAAforMSPS.com, Kardon Compliance. Notes: 7 steps to improving your Privacy & Security policies and proced...

Episode 15: It's not just about HIPAA anymore

August 21, 2015 10:30 - 33 minutes - 30.2 MB

In 2014 NIST introduced the National Cybersecurity Framework (CSF). It is designed for all businesses, large and small, to know things they should be doing to protect their businesses, data, customers, and more. Just how does it compare to HIPAA? Notes: NIST Cybersecurity Framework; DHS Getting Started for Small and Midsize Businesses (SMB); US Chamber of Commerce: Internet Security Essentials for Business 2.0; C3 Voluntary Program: Begin the Conversation: Understand the Threat Environment ...

Episode 14: HIPAA Log Audits with AMS Spher

August 14, 2015 10:30 - 45 minutes - 41.4 MB

An interview with Ray Ribble discussing the AMS Spher product. We learn how Spher can automatically "learn" what access patterns are normal and ask you when something isn't right. Your HIPAA compliance requirement to audit access logs may be solved with this tool. Your very own HIPAA Breach Detection Service! Links: The AMS SPHER™ Solution, FindHealthcareIT, HIPAAforMSPS.com, Kardon Compliance. Notes: Who is AMS and Ray Ribble? Tell us about The AMS SPHER™ Solution. Behavioral Analytic...

Episode 13: What is a HIPAA Risk Analysis

August 07, 2015 10:30 - 35 minutes - 48.9 MB

Description: What a HIPAA Risk Analysis includes and why you need it for your cybersecurity risk management. Glossary: CReMaT'ed - Create, Receive, Maintain, Transmit; CIA - Confidentiality, Integrity, Availability. Links: JPP Medical Record, OCR Guidance on Risk Analysis, Training Documentation for this episode, FindHealthcareIT, HIPAAforMSPS.com, Kardon Compliance. Notes: Not a simple checklist; it requires a lot of thought, data collection, and analysis. The analysis part: Define where e...

Episode A2: HIPAA Answers - BA question from a listener

August 05, 2015 01:13 - 5 minutes - 4.77 MB

We have a listener who called in with an example situation to find out what we thought. Is the company a Business Associate? Listen to Donna's answer in Episode A2. These short "answer episodes" are released weekly on Tuesday mornings when we have them come in. Send us your questions and we will publish them with our thoughts and the best answers we can muster! Use the Website form or Speakpipe voicemail. You can also find all our social media contact information at HelpMeWithHIPAA.co...

Episode 12: Breach Response Plans

July 31, 2015 10:30 - 26 minutes - 49.1 MB

Description: A Breach Response plan is a required element of your compliance program since HITECH became effective. Everyone must have a written plan and know what needs to be done. Glossary: NIST - National Institute of Standards and Technology. Links: NIST SP 800-61 Revision 2 - Computer Security Incident Handling Guide; APDerm Resolution Agreement (see item 2(2)); FindHealthcareIT; HIPAAforMSPS.com; Kardon Compliance. Notes: Establishing an incident response capability should include the fol...

Episode A1: HIPAA Answers - How do I get rid of my printers properly?

July 28, 2015 10:30 - 4 minutes - 3.9 MB

How do I get rid of my printers properly? Find out in HIPAA Answers Episode A1. Thanks for our listener questions that are coming in! It took us a bit to work out the best way to get back to you, so sorry for the delay. Today we introduce HIPAA Answers episodes. These short "answer episodes" will be released weekly on Tuesday mornings. Send us your questions and we will get them answered. Lots of ways to contact us below! Website form or Speakpipe voicemail, Twitter, LinkedIn, Fac...

Episode 11: Ponemon Study 2014 on Healthcare Breaches

July 24, 2015 10:30 - 35 minutes - 65.8 MB

Description: A discussion of the findings in the recently released study concerning healthcare breaches in 2014. Glossary: A managed service provider (MSP) is a third-party contractor that is under contract (usually a monthly fee) to provide on-going technology support to other organizations. Links: Fourth Annual Benchmark Study on Patient Privacy and Data Security; Criminal Attacks: The New Leading Cause of Data Breach in Healthcare; FindHealthcareIT; HIPAAforMSPS.com; Kardon Compliance...

Episode 10: ONC Sample Seven-Step Approach for Implementing a Security Management Process

July 17, 2015 10:00 - 32 minutes - 59.1 MB

ONC recently published an updated guide for Privacy and Security of Electronic Health Information. In this episode David and Donna discuss what that guide calls the Seven-Step Approach for Implementing a Security Management Process. Links: Guide to Privacy and Security of Electronic Health Information, FindHealthcareIT, HIPAAforMSPS.com, Kardon Compliance. Notes: The 7 Steps. Step 1: Lead Your Culture, Select Your Team, and Learn. Assign your officers, make sure they are trained, show compli...

Episode 9: HIPAA Myths Part 3

July 10, 2015 10:30 - 26 minutes - 24.5 MB

We finish up our discussion about some common myths (or points of confusion) surrounding HIPAA compliance requirements. Glossary: Myth is a widely held but false belief or idea. Links: HealthIT.gov Top 10 Myths of Security Risk Analysis; HealthIT.gov Guide to Privacy and Security of Electronic Health Information Analysis. Notes: 1 - 7 of 10 Covered in two previous episodes. HIPAA covers all PHI no matter who possesses the information. False. HIPAA law applies to entities that are healt...

Episode 8: HIPAA Myths Part 2

July 03, 2015 10:30 - 30 minutes - 28.1 MB

We continue our discussion about some common myths (or points of confusion) surrounding HIPAA compliance requirements. Glossary: Myth is a widely held but false belief or idea. Links: HealthIT.gov Top 10 Myths of Security Risk Analysis; HealthIT.gov Guide to Privacy and Security of Electronic Health Information Analysis. Notes: 1-3 In previous episode. Communicating with patients via email, fax, or telephone violates HIPAA. Actually, not true. But.... reasonable and appropriate safegu...

Episode 7: HIPAA Myths Part 1

June 26, 2015 14:05 - 23 minutes - 21.4 MB

We discuss some common myths (or points of confusion) surrounding HIPAA compliance requirements. Glossary: Myth is a widely held but false belief or idea. Links: HealthIT.gov Top 10 Myths of Security Risk Analysis; HealthIT.gov Guide to Privacy and Security of Electronic Health Information Analysis. Notes: Providers are not allowed to share information about a patient with others unless authorized by the patient to do so. False. Providers can share: With anyone the patient identifi...

Episode 6 - HIPAA Compliant IT

June 19, 2015 10:00 - 35 minutes - 32.3 MB

In this episode we discuss technology support requirements under HIPAA and why professional, HIPAA compliant IT services are an important part of managing your security compliance. The Security Rule has so many specific technical things to consider that it really requires professional technology services to handle it properly. We discuss why that is needed and what to expect from a HIPAA Compliant IT company. Glossary: A managed service provider (MSP) is a third-party contractor that is under...

Episode 5: Without Documentation It Didn't Happen

June 12, 2015 10:00 - 49 minutes - 45.5 MB

In this episode we discuss the importance of documentation for your HIPAA compliance program. You can be doing everything right, but without documentation there is no way for you to show anyone else that is the case. If you can't prove it then you aren't doing it as far as OCR is concerned. Glossary: A managed service provider (MSP) is a third-party contractor that is under contract (usually a monthly fee) to provide on-going technology support to other organizations. Links: FindHealthc...

Episode 4: How Do You Eat An Elephant?

June 05, 2015 10:30 - 36 minutes - 33.2 MB

In this episode we discuss how to take the first steps to building a "culture of compliance" in your organization. Every project has to start somewhere but where do you start with something as big and complicated as HIPAA? Well.... Just like the joke goes "How do you eat an elephant?" "One bite at a time." How do you break HIPAA Compliance into bite sized pieces and get your project moving? We have some tips for you. Glossary: A culture of compliance is when an organization establish...

Episode 3: Let's Talk Encryption

May 29, 2015 00:00 - 35 minutes - 66.2 MB

HIPAA requires encryption in transit and lists encryption at rest as addressable.  What does all that mean?

Episode 1 - Who & What is Help Me With HIPAA

May 22, 2015 01:21 - 16 minutes - 15.2 MB

Help Me with HIPAA does have a point and vision even if it doesn't seem like it sometimes.  Learn about your hosts and the plan for the show.

Episode 2: Business Associates

May 21, 2015 20:13 - 30 minutes - 28.3 MB

In this episode we discuss the definition of a Business Associate. How do you find your Business Associates and what should your process for managing them include? Glossary: A managed service provider (MSP) is a third-party contractor that is under contract (usually a monthly fee) to provide on-going technology support to other organizations. Notice of Privacy Practices (NPP) is the document CEs provide to patients when they begin treatment or coverage. It is the document that defines...
