Help Me With HIPAA

482 episodes - English - Latest episode: 14 days ago - ★★★★★ - 61 ratings

In today's environment of data breaches, identity theft, fraud, and increasing connectivity, HIPAA Privacy and Security rules are a responsibility to your patients and your clients. HIPAA isn't about compliance, it's about patient care.

Business Technology hipaa businessassociate coveredentity privacy security
Episodes

Cybersecurity Tales with Gary Salman Part 1 - Ep 270

September 04, 2020 04:30 - 35 minutes - 38.8 MB

Recently we talked with Gary Salman, CEO of Black Talon Security. Our discussion was lively and full of great stories and tips. There was so much there we decided to break this into two episodes. This is part 1 and next week we will share part 2. Let’s get started on cybersecurity tales! More at HelpMeWithHIPAA.com/270

Ten Cyber Myths Reviewed - Ep 269

August 28, 2020 04:30 - 51 minutes - 71.6 MB

After teaching our 3-day HIPAA Boot Camp we were pretty exhausted. In this episode we are discussing the interesting things David found when reading articles about cybersecurity myths.  More info at HelpMeWithHIPAA.com/269

Here Comes Trouble - Ep 268

August 21, 2020 04:30 - 1 hour - 86.9 MB

Today we are going to cover what we expected to see start happening after the rush to convert us all to work from home. What we discussed, our concern that no one was paying attention except the criminals, is starting to come to fruition. More info at HelpMeWithHIPAA.com/268

Data Breach Costs Continue Rising - Ep 267

August 14, 2020 04:30 - 50 minutes - 70.1 MB

Everywhere we turn this year we are dealing with chaos and stress. Can we all just sing Kumbaya and make it go away? If it was only that easy. Just because craziness has happened doesn't mean HIPAA goes out the window. As we all try to navigate the unknown we cannot forget that the criminals thrive on chaos like this. If you aren’t protecting your information a data breach becomes almost inevitable. It is important to understand the data breach costs you are looking at when one occurs. ...

No More Guessing What OCR Expects - Ep 266

August 07, 2020 04:30 - 59 minutes - 81.4 MB

These new settlements from OCR should be new required reading. There is very little guessing about their expectations in these CAPs. Specifically mentioning encryption requirements and mobile device management is not ambiguous at all. Things are getting real folks! More info at HelpMeWithHIPAA.com/266

Enforcement and More News - Ep 265

July 31, 2020 04:30 - 56 minutes - 78.3 MB

There are plenty of things happening that you should be aware of including a new settlement announcement from OCR. This and more things happening out there you should know about! More info at HelpMeWithHIPAA.com/265

Free Security Awareness Training - Ep 264

July 24, 2020 04:30 - 55 minutes - 75.6 MB

So happy that we are finally doing this show in time to remind you to use the free security awareness training resources available for October, which is National Cybersecurity Awareness Month (NCSAM). There are a lot of free resources available to promote security awareness under that program released each year. Today we are discussing how to use these resources to work out a plan for your training throughout October! More at HelpMeWithHIPAA.com/264

Ransomware - MSPs and Insurance - Ep 263

July 17, 2020 04:30 - 51 minutes - 70.9 MB

The threat of ransomware continues to be a major issue for all businesses. MSPs were a gateway for mass cyber attacks in 2019. Make sure your IT provider is using the new guide specifically for them produced by NIST and NCCoE: PROTECTING DATA FROM RANSOMWARE AND OTHER DATA LOSS EVENTS. While we are at it there are a couple of articles relating to ransomware’s impact on insurance coverage that we need to bring to your attention. More at HelpMeWithHIPAA.com/263

2020 Data breach stats good news and not - Ep 262

July 10, 2020 04:30 - 58 minutes - 79.9 MB

The annual Verizon data breach report was recently released for 2020. Learning from others’ mistakes is always the best way to learn vs the alternatives. These reports always offer very specific details that we find very enlightening and helpful in making business decisions relating to security in all businesses. More at HelpMeWithHIPAA.com/262

COVID-19 Testing vs HIPAA - Ep 261

July 03, 2020 04:30 - 51 minutes - 71.2 MB

COVID-19 Testing vs HIPAA is starting to play out all over the country as businesses reopen and the virus continues to spread. Today we will discuss some of the confusion about all the COVID-19 testing and HIPAA. More at HelpMeWithHIPAA.com/261

No one is watching the hen house - Ep 260

June 26, 2020 04:30 - 1 hour - 84.4 MB

So far 2020 has the whole world turned upside down. A true global pandemic, global economic fallout still happening from a shutdown caused by the pandemic and a level of global social unrest that hasn’t been seen in 40-50 years. Yes, it is overwhelming. But, it is also very clear that the criminal factors and nation-state attackers are well aware no one is watching the hen house too. More info at HelpMeWithHIPAA.com/260

It Is Everyone's Responsibility - Ep 259

June 19, 2020 04:38 - 1 hour - 89.3 MB

Too often our human selves will happily put off some responsibilities on others if we can find any small reason for doing so. It may not be our best quality but it is certainly one that bonds most of us together. I personally can’t name anyone that would say sorry I would like to take responsibility for something I think is your responsibility. In our world today we all need to take responsibility for helping protect the group as a whole. The NICE team from NIST published something about jus...

Cyberattacks coming from inside the network - Ep 258

June 12, 2020 04:30 - 52 minutes - 72.6 MB

If you are a fan of horror flicks you know the story. Even if you are not a fan you probably know the line from When A Stranger Calls:  “the calls are coming from a phone inside the house”.  That stuff happens in the opening. Personally, I have never made it through that part much less through the whole thing.  Today we have a whole new horror flick to discuss: cyberattacks coming from inside the network.  Maybe we should hold this until Halloween but who knows what will happen then, we nee...

New Tactical Crisis Response Guide - Ep 257

June 05, 2020 04:30 - 59 minutes - 81.7 MB

Perfect timing rarely happens these days but we have been discussing updating incident response plans based on what we have learned in the last two months. In fact, we ended our last episode saying the response plan update is one of the most important things you should do. Like magic Erik Decker posts on LinkedIn this week that the HIC group has finished a new guide specifically about crisis response. More info at HelpMeWithHIPAA.com/257

HIPAA Privacy Rights Still Exist - Ep 256

May 29, 2020 04:30 - 50 minutes - 70 MB

We always know when serious stuff has happened behind the scenes and OCR got involved. Some major violations of privacy rights must have happened when we see the OCR notice reminding everyone that you cannot share patient information with the media without authorization. More info at HelpMeWithHIPAA.com/256

Reboot Checklist - Ep 255

May 22, 2020 04:30 - 57 minutes - 79.6 MB

We mentioned in the last episode that we would put together a checklist of sorts for what to do as everyone switches back to the old way of doing business or sets up under new remote models. While this isn’t exactly a copy and paste checklist it does give you food for thought as to what to consider for your own reboot checklist. More at HelpMeWithHIPAA.com/255

New Ransomware Concerns - Ep 254

May 15, 2020 04:30 - 58 minutes - 80.5 MB

When can we stop talking about ransomware? Apparently, never. One of the things we can list as part of our “new normal” is new ways ransomware is going to be impacting us differently. Things are worse today than when we discussed ransomware just a couple of months ago. The pandemic has opened up so many ways for the criminals to attack they are having a field day. More at HelpMeWithHIPAA.com/254

Rethink Threat Lists Post COVID-19 - Ep 253

May 08, 2020 04:30 - 54 minutes - 75.4 MB

Like it or not we have to face new realities on our threat lists as we figure out our new normal in the post COVID-19 landscape. The privacy and security risks have changed just like everything else during the crisis. Threat lists used for your SRA must be updated and addressed. You do not want to be hit with data breaches and privacy breaches just as you get things back up and running, do you? More at HelpMeWithHIPAA.com/253

Evaluating MSPs - Ep 252

May 01, 2020 04:30 - 1 hour - 84.6 MB

Before things went all COVID on us this episode was planned out. It may be even more worthy of an episode now. Have you been evaluating your MSP’s response to your current state of business? We knew there were some MSP issues in 2019 but now, in 2020, you must have a reliable trusted MSP partner more than ever. What kinds of things do you need to know about your tech needs, your MSP and where you both plan for the future? More at HelpMeWithHIPAA.com/252

Coronavirus Scams Galore - Ep 251

April 24, 2020 04:30 - 53 minutes - 72.9 MB

So many scams and so little time to keep up with them.  Yes, that is what it feels like these days.  There are so many coronavirus scams we have to take some time to update you guys.  There have been cybercrime alerts and stupid people stories galore.  Here are the coronavirus scams and crimes we have on our radar this week.   More at HelpMeWithHIPAA.com/251

3 Cyber stories we are watching - Ep 250

April 17, 2020 04:30 - 1 hour - 85.8 MB

With the national crisis still in play, cybersecurity is essential to operating businesses which are now online more than ever before. Small businesses without any apps before are going online to survive. Telehealth, remote learning, telework are all standard right now.  With so much going on we are trying to keep our eye on cyber stories to prepare ourselves and our clients for what is happening out there. Today let’s discuss 3 cyber stories we are watching right now. More at HelpMeWithHI...

Crisis HIPAA Updates - Ep 249

April 10, 2020 04:30 - 54 minutes - 75 MB

There is a lot of confusion along the way as there always will be in a crisis like this one. We are going to share some of the good information and do our best to clear up some of the misinformation. No matter what, though, it could all change in the two short weeks between when we record this and when we publish it for you guys. Our plan is to provide as much solid information that we know to be true and accurate today. More at HelpMeWithHIPAA.com/249

How do we reboot our business? - Ep 248

April 03, 2020 04:30 - 56 minutes - 77.7 MB

We are all doing our best to focus on what we can do during this national crisis.  It is certain that we will bounce back at some point and be able to get back to business.  When we do this national reboot, what kinds of things will we need to do? Spend time now planning for the coming business reboot.  More at HelpMeWithHIPAA.com/248

HIC SCRiM Should Wake Up Vendors - Ep 247

March 27, 2020 04:30 - 1 hour - 97 MB

In Oct 2019 another document was released by the Health Sector Coordinating Council Joint Cybersecurity Working Group.  Health Industry Cybersecurity Supply Chain Risk Management Guide or HIC SCRiM for short is aimed at helping small and medium sized healthcare organizations manage their supply chain vendors. If you haven’t had a chance to check it out, we are reviewing it for you today.  If you do review it you will see why we think that HIC SCRiM should wake up vendors. More info at Hel...

No SRA First 2020 OCR Enforcement - Ep 246

March 20, 2020 04:30 - 52 minutes - 72.4 MB

Opening the 2020 enforcement list for OCR is a doctor’s office who reported a breach due to a business associate issue and then did nothing.  The settlement wasn’t due to the BA but because the office had no SRA in place. Let’s break down the settlement with Steven A. Porter, M.D., P.C. a sole gastroenterologist practice in Ogden, UT. Time to learn from their mistakes. More at HelpMeWithHIPAA.com/246

Privacy, Security, and COVID-19 - Ep 245

March 13, 2020 04:30 - 56 minutes - 78.1 MB

Does your SRA include something like COVID-19? Do your business continuity plans include it? Do you need an SRA that includes virus outbreaks? Yes, you do. If your risk analysis didn’t include these kinds of things you should revisit your method for doing an SRA. What should you do about this risk and what else is missing from your SRA? Let’s talk about privacy, security and COVID-19. More info at HelpMeWithHIPAA.com/245

10 Cybersecurity Misconceptions - Ep 244

March 06, 2020 05:30 - 1 hour - 90.5 MB

Cybersecurity misconceptions are pretty common both in personal life and business.  There are definitely enough cases of misinformation coming through our offices on a regular basis to make it obvious just how confused people can be about what should be done.  We have pointed out many times that the government has been releasing information for years to assist both businesses and individuals. You can find a lot of information that is very helpful at StaySafeOnline.org.  Today we are going to...

Images Exposed - Ep 243

February 28, 2020 05:30 - 37 minutes - 51.7 MB

This story has been going around since September 2019. Images exposed on the internet from PACS systems around the world available to anyone that wanted to see them.  Images exposed included x-rays, MRI scans and more. It still hasn’t been locked down after all these months. That means it’s time to talk about it instead of keeping it quiet. More info at HelpMeWithHIPAA.com/243

Insider Issues 2020 - Ep 242

February 21, 2020 05:30 - 55 minutes - 76.4 MB

Another report comes out that says insiders are a huge problem. You have to worry about the people, people. We have been saying this for years. The latest news on that front is in the 2020 Cost Of Insider Threats Global Report released by the Ponemon Institute and sponsored by ObserveIT and IBM. It does tell us a lot of things we already knew but the details, including those about how it is growing, are important to note. More info at HelpMeWithHIPAA.com/242

Wearables Plus More HIPAA Questions - Ep 241

February 14, 2020 05:30 - 52 minutes - 71.8 MB

Wearables, medical devices and HIPAA are just some of the questions we have gotten recently.  Today’s episode is privacy and security news plus listener questions. More at HelpMeWithHIPAA.com/241

HIPAA Ambiguous? Really? - Ep 240

February 07, 2020 05:44 - 56 minutes - 77.1 MB

Is HIPAA ambiguous? That is the way many people refer to anything that has to do with HIPAA regulations. It comes from doctors, nurses, lawyers, managers, supervisors, even compliance officers. But, is it really the way we should refer to the law? Should we say it is flexible or reasonable instead? More at HelpMeWithHIPAA.com/240

Why Security Patching Matters - Ep 239

January 31, 2020 05:30 - 55 minutes - 76.3 MB

There have been a lot of headlines lately about Windows 7 end of life and Windows 10 security patches.  Let’s discuss why supported software and security patching matters in general. Then, we can talk about why it matters under HIPAA.   More at HelpMeWithHIPAA.com/239

Ransomware Warnings Everywhere - Ep 238

January 24, 2020 05:30 - 1 hour - 91.5 MB

We have mentioned ransomware warnings over and over on HMWH.  To the point ransomware shows up in a search on 56 different episodes before this one.  That means we’ve talked about ransomware warnings in 24% of our episodes. Guess what - clearly we need to talk about it again! More info at HelpMeWithHIPAA.com/238

Ambulance Company Settlement - Ep 237

January 17, 2020 05:30 - 55 minutes - 76.1 MB

As we anticipated there was one more OCR settlement announcement before the end of 2019.  This one popped in at the end of December and was yet another one in our backyard. The ambulance company settlement seemed simple at first but once we read the details there is a lot to unpack in the CAP.  Let’s get to it then! More info at HelpMeWithHIPAA.com/237

2020 Predictions Sortof - Ep 236

January 10, 2020 05:30 - 1 hour - 99 MB

We need to get on the record with our 2020 predictions even if we both agree we have no freaking idea what is going to happen in 2020. If anyone out there says they honestly believe they have a true beat on it, check them out. We do have a few 2020 predictions that we feel sure enough about to say it out loud to you guys. More info at HelpMeWithHIPAA.com/236

Costly PHI Mistakes - Ep 235

January 03, 2020 05:30 - 46 minutes - 64.2 MB

Here we go with two more OCR enforcement settlements. As we expected, the end of the year included a flurry of enforcement announcements from OCR. Just as this was about to be recorded they announced the second patient access settlement. So we can get both done in one episode! Both of these cases are related to some costly PHI mistakes so let’s get down to business. More info at HelpMeWithHIPAA.com/235

2019 Predictions Recap - Ep 234

December 27, 2019 05:30 - 1 hour - 84.7 MB

We have made it most of the way through 2019.  Now is the time to see how we did when we released our HIPAA privacy and security predictions for 2019 in episode 186 way back on Jan 11.  There were so many things that transpired this year just when thinking about the threat landscape much less all of our HIPAA discussions it feels long ago in a galaxy far, far away.  For more info HelpMeWithHIPAA.com/234

2019 Holiday Blooper Show

December 20, 2019 05:30 - 11 minutes - 15.8 MB

Enjoy Bojan's 2019 version of our annual blooper show.  Yes, some things really are as crazy behind the scenes as it seems. Thanks for all your support in 2019.  Enjoy whatever holiday you celebrate this time of year to the fullest!

What's in your BAA? - Ep 233

December 13, 2019 05:30 - 1 hour - 83 MB

A Business Associate Agreement isn’t just another simple bit of paperwork.  The liability commitments in your BAA and the business relationship it defines are very serious and very important in defining clearly the responsibilities of both parties.  Lately, we have had to ask a lot of questions like what is in your BAA and today we discuss what we have been seeing out there in the wild, so to speak. More info at HelpMeWithHIPAA.com/233

OCR Enforcement Picks Up - Ep 232

December 06, 2019 05:30 - 47 minutes - 65.8 MB

OCR has been busy closing out investigations lately.  They announced 2 more enforcement actions in early November.  One was a settlement in NY, but the other was a civil money penalty with Texas HHSC. Let’s review these 2 new OCR enforcement actions to see what we need to learn from the details released. More info at HelpMeWithHIPAA.com/232

Black Friday Replay 2019 - HICP Review

November 29, 2019 05:30 - 45 minutes - 62.5 MB

Happy Thanksgiving from the HMWH team.  Since we just talked with Erik Decker the last two weeks about HICP it seemed fitting that our Thanksgiving replay this year is the discussion we had about our initial review of HICP earlier in 2019.  That was episode 189. Thanks for listening and enjoy the Holiday season!

Erik Decker HICP Discussion Part 2 - Ep 231

November 22, 2019 05:30 - 47 minutes - 65.3 MB

Today we share part 2 of our Erik Decker HICP discussion. Learn about more tools for small and medium organizations. The 405(d) Task Group has more work to do so learn ways you can help spread the word about using these tools to improve healthcare cybersecurity. We even ask how we can all help promote cybersecurity awareness and HICP to improve healthcare cybersecurity. HelpMeWithHIPAA.com/231

Talking HICP with Erik Decker Part 1 - Ep 230

November 15, 2019 05:30 - 52 minutes - 71.7 MB

We covered the release of HICP or Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients back in Feb in the episode we called 5 Threats and 10 Protection Practices – Ep 189.  HICP has now been out for a bit and the next phases of the project are in process.  Today we discuss all things HICP with Erik Decker who is the Health Sector Coordinating Council Co-Lead of the 405(d) Task Group that developed this tool to help our sector follow solid cybersecurity practices...

HIPAA Penalties Due To Disarray - Ep 229

November 08, 2019 05:30 - 52 minutes - 71.9 MB

HIPAA penalties are always discussed in training and presentations about HIPAA.  Those discussions are usually more about an overview of what is in the law than actual information on how the law is applied.  HIPAA penalties are really not seen often. Civil money penalties are not part of the settlements we usually see but OCR announced a big one in October.  How do they really apply those huge numbers everyone talks about but we never see? More info at HelpMeWithHIPAA.com/229

HIPAA is the Floor - Ep 228

November 01, 2019 04:30 - 51 minutes - 70.7 MB

NIST and OCR hosted their annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, and the repeated message on day one of the conference was “HIPAA is the floor,” which started with OCR Dir Severino’s keynote. We always get information at some point that makes these conferences worth the time. What did we get from this one? More info at HelpMeWithHIPAA.com/228

Tales From The Dark Side Of HIPAA - Ep 227

October 25, 2019 04:30 - 54 minutes - 124 MB

As is our custom, each year we have a Halloween-themed episode. This year we are thrilled to bring you several very real Tales From The Dark Side Of HIPAA. Thanks to our friend, Jack Rhysider from DarkNet Diaries for recording our haunting lead-in! More info at HelpMeWithHIPAA.com/227

Social Media and PHI as Oil is to Water - Ep 226

October 18, 2019 04:30 - 56 minutes - 78.2 MB

Social media and PHI get the OCR spotlight in the latest settlement announced. Reading these settlement agreements provides the best guidance from OCR, which is why we always take the time to get those details for you. How much have you considered about your social media policies and how your staff understands their responsibilities? More info at HelpMeWithHIPAA.com/226

Bad luck breaches? - Ep 225

October 11, 2019 04:30 - 38 minutes - 53.3 MB

Is there such a thing as bad luck breaches?  Most of us don’t expect luck to rule our world although I will always take good luck if I can get it.  But when bad things happen sometimes we say it is due to a string of bad luck. Can data breaches be due to one of those strings of bad luck? For more info go to HelpMeWithHIPAA.com/225

Patient Access Settlement - Ep 224

October 05, 2019 15:09 - 44 minutes - 61.6 MB

The first patient access settlement has been announced by OCR.  Director Severino mentioned they would be putting an emphasis on this issue and we now have the first enforcement come through.  What should you learn from this settlement? It included some interesting corrective action requirements. More HelpMeWithHIPAA.com/224
