Help Me With HIPAA

482 episodes - English - Latest episode: 14 days ago - ★★★★★ - 61 ratings

In today's environment of data breaches, identity theft, fraud, and increasing connectivity, HIPAA Privacy and Security rules are a responsibility to your patients and your clients. HIPAA isn't about compliance, it's about patient care.


Episodes

End of Life for Windows 7 and 2008, Ready? - Ep 223

September 27, 2019 04:30 - 44 minutes - 60.8 MB

January 14, 2020 marks the end of life for Windows 7 and Windows 2008 operating systems. Have you done your SRA to make sure you have things covered? What about home computers, should you be worried about those? In this episode we review what this end of life for Windows OS means and what you should be doing in the 4th quarter of 2019 to prepare for it. More at HelpMeWithHIPAA.com/223

6 Signs Of HIPAA Program Maturity - Ep 222

September 20, 2019 13:29 - 49 minutes - 68.6 MB

We always talk about the need for a culture of compliance or culture of privacy and security. Today we talk about 6 things you notice when you have built a culture of compliance. The 6 comes from 3 x 2 which means there is clearly no rhyme or reason for the selection today. More at HelpMeWithHIPAA.com/222

Insider Breaches Everywhere - Ep 221

September 13, 2019 04:30 - 54 minutes - 75.6 MB

When working on a plan for this episode I had two different sources drop some insider breach issues in my lap. When I added those to the news stories we are already following involving insider issues, it was clear the topic was meant to be. Multiple cases and reports are out, and it is the topic I must cover because I am reading about insider breaches everywhere around me. More at HelpMeWithHIPAA.com/221

National Cybersecurity Awareness Month Workforce Training - Ep 220

September 06, 2019 04:30 - 56 minutes - 77.6 MB

October is National Cybersecurity Awareness Month (NCSAM) and it is a perfect tool to feature security awareness with your workforce and clients. You cannot beat an opportunity to run a month-long awareness program that provides EVERYTHING you need for free. Today we discuss what the program includes and how to use it in your office. More at HelpMeWithHIPAA.com/220

Six fifty is not required - Ep 219

August 30, 2019 04:30 - 51 minutes - 71.5 MB

We discussed the patient rights to access medical records a few episodes ago.  Since then, a new study came out that says a majority of providers are not complying with patient medical records requests.  I have also gotten more questions about law firms demanding to pay only $6.50 for medical records requests. We are  discussing these issues with specifics about fees for patient requests in this episode. More at HelpMeWithHIPAA.com/219

7 Questions To Ask IT - Ep 218

August 23, 2019 04:30 - 1 hour - 82.6 MB

When you work with outsourced IT or Managed Service Providers (MSPs) you need to vet them closely to make sure they truly do understand what HIPAA requires from your organization.  Here are seven questions to ask your IT team about HIPAA. For more info go to HelpMeWithHIPAA.com/218

Cost of a Data Breach 2019 Study - Ep 217

August 16, 2019 04:30 - 55 minutes - 76.6 MB

The Ponemon Institute has produced an annual study of data breach costs. This is the 14th year. We have used it as a guide for a lot of information over the years. The data has consistently been helpful for us to understand what are the key drivers in data breach costs, remediation, and response. If you can find what the major factors include, it is a great way to determine your priorities in investing resources with the biggest impact. Let’s see what we learned from the 2019 version sponsor...

Who is a Business Associate? - Ep 216

August 09, 2019 04:30 - 52 minutes - 72.9 MB

Who is a business associate? A listener asked for an episode on it. Turns out we haven't done one since episode 2. Wow! So, maybe there is more we have to add to that topic in 2019 after 214 other episodes. Today, let’s talk about how to determine who your Business Associates, or BAs, are. More info at HelpMeWithHIPAA.com/216

Listener Questions and Input - Ep 215

August 02, 2019 04:30 - 51 minutes - 71.3 MB

We have gotten a flurry of listener questions and comments lately. Since it is so much easier to do an episode based on listener questions than writing up a whole plan, we are definitely doing those today. We really do read and respond to as many as we can. So here we go. More info at HelpMeWithHIPAA.com/215

CCPA and HIPAA Require Consideration - Ep 214

July 26, 2019 05:00 - 43 minutes - 60.6 MB

If you haven’t heard of it before there is a thing called the California Consumer Privacy Act (CCPA).  It is considered the first version of a GDPR-type legislation on this side of the pond.   It becomes effective Jan 1, 2020. There are many folks that think the CCPA isn’t something for them to worry about.  Well... Maybe you should take a second to reconsider that position. More at HelpMeWithHIPAA.com/214

5 Medical Records Uses and Disclosures Rules - Ep 213

July 19, 2019 04:30 - 41 minutes - 57.1 MB

Today we discuss 5 medical record uses and disclosures rules that I have been covering recently in training.  Medical records are always around for those of us in healthcare. It is so easy to forget that the rules apply to more than just data breaches and social media.  There are some very basic concepts that people who have been dealing with medical records for years are surprised to learn. Here are five of them we use the most. More at HelpMeWithHIPAA.com/213

Cybersecurity Tips and Trends - Ep 212

July 12, 2019 04:30 - 52 minutes - 72.6 MB

We need to keep up with our education just like everyone else to keep up with cybersecurity tips and trends.  Donna hit some training at SecureWorld and sat in on a 6-hr online seminar offered by Dark Reading. All of that thinking and learning means we have cybersecurity tips and trends to share in this episode.  This is not just for those who worry about HIPAA. More info at HelpMeWithHIPAA.com/212

Consider ransom payments BEFORE attacks - Ep 211

July 05, 2019 04:30 - 59 minutes - 81.3 MB

The debate continues in ransomware attacks, do you make the ransom payment or not?  Lately, we have seen many payments being announced. This should be in your incident response plan ransomware playbook.  These decisions should be discussed now, not when an attack happens. What are the pros and cons to paying and what should be in your ransomware response plans? More info on Help Me With HIPAA blog post.

False Claims Settlement - No Risk Analysis - Ep 210

June 28, 2019 04:30 - 44 minutes - 61.6 MB

False claims settlements over meaningful use money have popped into the news again. The provider was sued by whistleblowers and the DOJ for not doing a security risk analysis but attesting to one to get the meaningful use payments anyway. There is a whistleblower's angle in this case which makes it even more interesting. If you know anyone that has received any meaningful use money they should check out this episode! More info at HelpMeWithHIPAA.com/210

Specific BA Liabilities - Ep 209

June 21, 2019 04:30 - 56 minutes - 78.1 MB

This new BA guidance from OCR is important because it defines clearly all the things we hear misstated over and over. Several of the statements from our Top 10 Wrong HIPAA Statements episode are addressed in the simple ten-item list. Today we will discuss the announcement and what it means to BAs and their privacy and security programs. More info at HelpMeWithHIPAA.com/209

Vendor Pays $1 Million Plus 5 Yr Action Plans - Ep 208

June 14, 2019 04:30 - 52 minutes - 72.8 MB

The multi-state settlement with Medical Informatics Engineering makes the OCR settlement seem like a cake walk.  The vendor agrees to pay OCR $100,000 with a standard 2-year corrective action plan. The states get $900,000 plus 5 years of very specific corrective action requirements.  Vendors need to pay attention to this case and take appropriate action now. More info at HelpMeWithHIPAA.com/208

How do you sanction? - Ep 207

June 07, 2019 04:30 - 57 minutes - 79.7 MB

Sanction policies are often vague or even overlooked in many privacy and security programs. The whole point of a sanction policy is to list out the consequences for failure to follow our policies and procedures. With a vague or non-existent policy, consequences aren’t clear, which leads to a lack of concern for failure to follow the policy in the first place. You will never build a culture that worries about protecting information without it being clear that is a requirement for inclusion i...

Maturity Assessments - Ep 206

May 31, 2019 04:30 - 43 minutes - 60.1 MB

Maturity is something we expect from respected folks or grown folks but what about your privacy and security program, do you check its maturity? You have all of these plans, policies, procedures, and training but is it actually meeting your needs? Time to talk maturity assessments. More at HelpMeWithHIPAA.com/206

No PHI exposed. Really? - Ep 205

May 24, 2019 04:30 - 47 minutes - 65.8 MB

The latest HIPAA violation settlement with OCR was announced recently.  Ironically, the settlement with Touchstone Medical Imaging was for $3,000,000 and announced just after the reduction of maximum penalties was announced by HHS.  Just how bad was this violation to get hit with this level of penalties plus the 2-year corrective action plan? More at HelpMeWithHIPAA.com/205

HIPAA Penalties Dropping - Ep 204

May 17, 2019 04:30 - 50 minutes - 69.9 MB

Headlines everywhere are telling us all that the HIPAA penalties are being “slashed” or “capped” or “reduced”.  What is the real story and what does it mean to the rest of us? Great time to talk about what you should consider if you think you will be facing any HIPAA penalties. More info at HelpMeWithHIPAA.com/204

3 Supply Chain Security Stories - Ep 203

May 10, 2019 04:30 - 50 minutes - 70.2 MB

We have talked many times about vetting business associates. When people talk about supply chain security it isn’t just the business associate you contract with you have to worry about. It is all the vendors that they use. Today we are going to review 3 supply chain stories that explain how complex your supply chain is, unbeknownst to you. More at HelpMeWithHIPAA.com/203

Smile You Are On Camera - Ep 202

May 03, 2019 04:30 - 41 minutes - 57.7 MB

We are all being watched. Cameras are everywhere today. With the advent of dashcams, home security camera systems, CCTV in cities and businesses we are caught on camera somewhere every day. What does that mean when you have privacy concerns to address like, I don’t know, HIPAA? More info at HelpMeWithHIPAA.com/202

Alexa and HIPAA Round 2 - Ep 201

April 26, 2019 04:30 - 47 minutes - 65 MB

We discussed this whole Alexa and HIPAA thing before.  This week came the big announcement from Amazon that had headlines telling us that Alexa is HIPAA compliant with some slick new medical skills. Time to talk about her again.  Let’s see what the announcement really said.  While we are at it we will also look into the story that Amazon also has thousands of people sitting around listening to Alexa requests all day long. More info at HelpMeWithHIPAA.com/201

We are shutting it down - Ep 200

April 19, 2019 04:30 - 53 minutes - 73 MB

It is hard to believe we are recording our 200th episode. Some might even say it is close to a miracle that David and Donna could stay focused on one thing for this long. Probably very true. Our passion for what we do here is more than most people would think. We truly do believe that tagline we use in every episode “HIPAA is not about compliance; it’s about patient care.” More at HelpMeWithHIPAA.com/200

Medical Record Release Fees - Ep 199

April 12, 2019 04:30 - 57 minutes - 131 MB

Medical record release is becoming a heated topic.  There are several parties involved in the discussion.  Of course, the patient and their rights to the medical record comes first.  Then, you have the providers trying to meet their obligations to supply the records.  But, there are also lawyers and medical record release of information companies and, of course, OCR involved.  Today we will try to make some sense out of the mess. More at HelpMeWithHIPAA.com/199

News From 2019 HIPAA Summit - Ep 198

April 05, 2019 04:30 - 59 minutes - 82 MB

We come bearing news from the 2019 HIPAA Summit, today. Officially, it was The 28th Annual National HIPAA Summit. The event happened in March from Washington, DC. Thankfully, they have offered a webcast option along with onsite attendance for years. I sat in on the HIPAA Summit sessions again via webcast and there is much to share. For more info go to HelpMeWithHIPAA.com/198

Real Hacker Stories On DarkNet Diaries - Ep 197

March 29, 2019 04:30 - 51 minutes - 70.5 MB

We are fans of the podcast DarkNet Diaries, “True stories from the dark side of the Internet”.  As fans, it explains why we are excited to have Jack Rhysider, the host of DarkNet Diaries, on the podcast with us today.  Prepare to be surprised by some of these real hacker stories. More info at HelpMeWithHIPAA.com/197

2 Third Party Breach Stories - Ep 196

March 22, 2019 04:30 - 52 minutes - 72 MB

It is important to think about what could happen if one of your vendors is the reason you become another business listed in data breach statistics. Third-party data breaches can impact your business even when it doesn't involve your data. These stories show how many different angles you should use when reviewing their impact on your business. More info at HelpMeWithHIPAA.com/196

2019 Cybersecurity Coverage Options with John Miller - Ep 195

March 15, 2019 04:30 - 55 minutes - 76.2 MB

John Miller, CEO of Sterling Seacrest Partners, was with us back at the beginning of our podcast experiment. Over 100 episodes ago, in February 2017 on episode 89, we first talked with him about cyber insurance policies. Today we’ve brought John back to discuss how cyber insurance coverage has changed over the last two years. More info at HelpMeWithHIPAA.com/195

Ransomware Is Getting Scarier - Ep 194

March 08, 2019 05:30 - 45 minutes - 62.6 MB

Ransomware is getting scarier even if you don’t know it yet.  It appears that the lull we enjoyed through the last bit of 2018 may be over.  Not only are the incidents increasing but the mechanisms and ransom demands are changing.  Yes, no matter how we looked at it we had to say ransomware is getting scarier than it has been since the beginning of 2018. More info at HelpMeWithHIPAA.com/194

Cybersecurity Roles Are Tough - Ep 193

March 01, 2019 05:30 - 52 minutes - 73 MB

There are several recent studies and articles that discuss the world from the viewpoint of the people who have the cybersecurity roles in your IT staff. Their days are packed just trying to keep everything working and secure. As much as we have been after IT folks lately it is important to note that many times they take care of problems that you never even see. Today we are taking the time to remember that cybersecurity roles are tough. Really all IT roles involved in protecting our valuable...

Email is Dangerous - Ep 192

February 22, 2019 05:30 - 46 minutes - 64.3 MB

If you spend time every day worrying about the risks in using email, you might be a security professional.  Email is very risky even if you don’t realize it.  Imagine that you are just walking along a bridge safely.  What you don’t realize is the pit that is just a few inches below the bridge is filled with snakes, gators, and poison spikes.  One small mistake could mean - dum, dah, dum, dum, duuummmm.  Email is dangerous, seriously it is. More info at HelpMeWithHIPAA.com/192

3 million reasons IT must be audited - Ep 191

February 15, 2019 05:30 - 37 minutes - 51.1 MB

OCR got to toot its own horn in a big press release on Feb 7. Not only did they announce another settlement that happened in December that we had not heard about but they also recapped the record-setting year they had with enforcement cases in 2018. Time to learn from others' mistakes. More info at HelpMeWithHIPAA.com/191

Top 10 Wrong HIPAA Statements - Ep 190

February 08, 2019 05:30 - 49 minutes - 68 MB

As with many things, HIPAA “experts” are everywhere.  There is also a lot of misinformation, confusion, and downright bad advice being handed out by people who think they understand HIPAA more than they actually do.  Wrong HIPAA statements can be found on a lot of discussion boards and just out in the world talking to people. We deal with those issues on a regular basis. Sometimes we can laugh about it.  Other times we just have to take very deep breaths before we find ourselves responding i...

5 Threats and 10 Protection Practices - Ep 189

February 01, 2019 05:30 - 46 minutes - 64.3 MB

The Cybersecurity Act of 2015 (CSA) called for adapting our critical infrastructure to better handle cybersecurity issues using private and public partnerships.  Section 405(d) of CSA calls for “Aligning Health Care Industry Security Approaches.”  A task force has been working on doing that since May 2017.  On December 28, 2018, they published the information we have been excited to see in their document Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP...

Privacy Day and Other News You Need - Ep 188

January 25, 2019 05:30 - 44 minutes - 61.6 MB

Let’s be #PrivacyAware in today’s episode. Privacy Day has been around for a while. It is an “international effort to empower individuals and business to respect privacy, safeguard data and enable trust”. At HMWH, we are all about trust here and certainly aim to empower those who are willing to respect privacy. For more info go to HelpMeWithHIPAA.com/188

Passwords are a necessary evil - Ep 187

January 18, 2019 05:30 - 36 minutes - 50.9 MB

Passwords are a necessary evil in our online and digital world. There are lots of tools out there that help us deal with them but you have to use them every day in some way unless you are completely unsecured or off the grid. LastPass recently released an interesting report about the use of passwords. Let’s see what new trouble we can find in these details about our daily password battle and discuss some options we have found for dealing with them. More at HelpMeWithHIPAA.com/187

7 Predictions for 2019 - Ep 186

January 11, 2019 05:30 - 46 minutes - 64.3 MB

Today we cover the things we are keeping an eye on for 2019. Yes, it is 2019, I cannot believe how quickly we have gone through almost 2 decades of the 21st century. Our top 7 predictions for 2019 may not surprise you. But, that shouldn't stop us from throwing them out there. More at HelpMeWithHIPAA.com/186

Are HIPAA changes coming? - Ep 185

January 04, 2019 05:30 - 52 minutes - 72.5 MB

In case you have missed it there have been several headlines about HIPAA changes in the last month. What is that all about and what should you worry about? Today we are discussing if HIPAA changes will be coming this year. Even better we will tell you what we plan to do with the information. More at HelpMeWithHIPAA.com/185

It's Raining Settlements - Ep 184

December 28, 2018 05:30 - 41 minutes - 57.7 MB

OCR continued to hand out settlements to close out 2018. These last few announcements came out so quickly vs normal rates it is definitely raining settlements! While these last two do pale in comparison to the huge Anthem settlement, they certainly bring home more messages. What lessons are they trying to teach us with the Florida and Colorado settlements announced in December? More info at HelpMeWithHIPAA.com/184

Annual Blooper Show 2018

December 21, 2018 05:30 - 9 minutes - 12.6 MB

Each year our Croatian sound editor, Bojan, compiles his favorite package of our issues to share his pain with our listeners. Listen in to hear how much he has to work to make us sound so much better than we should. Thanks, Bojan, for all the hard work! For all our listeners, Happy Holidays and thanks for your support this year and in the future!

Should have said no comment - Ep 183

December 14, 2018 05:30 - 38 minutes - 53.5 MB

The allergy practice settlement that was recently announced will be known as the “no comment” settlement in my mind.  As always, there are lessons to be learned from this announcement and the way OCR handled it. This settlement brings up a lot of discussions about handling patient public comments. More at HelpMeWithHIPAA.com/183

New cybersecurity agency and office? - Ep 182

December 07, 2018 05:18 - 46 minutes - 63.5 MB

There have been several announcements about cybersecurity agencies and offices lately.  Some announcements are from the Department of Homeland Security (DHS) and some are from Health and Human Services (HHS).  What are they talking about and what does it mean to you?   More at HelpMeWithHIPAA.com/182

2018 Predictions - How Did We Do? - Ep 181

November 30, 2018 05:30 - 45 minutes - 62.1 MB

It is hard to believe we are coming to the end of another year.  Seems like just yesterday we recorded 7 Educated Guesses About 2018.  Today we review our 2018 predictions, ummmm, educated guesses for 2018 and see how we did. More info at HelpMeWithHIPAA.com/181

Happy Thanksgiving 2018 - Compliance Officer Gift Guide Replay

November 23, 2018 06:00 - 33 minutes - 76.8 MB

This holiday we are both taking time off to celebrate with our friends and families.  In our absence, please enjoy a replay of our previous Gift Giving Guide for compliance officers.

Listener Message Potpourri - Ep 180

November 16, 2018 05:30 - 49 minutes - 68.1 MB

Listener message potpourri means we will be hitting several different topics in this episode. We get emails and messages from listeners a lot these days. While we do our best to respond we can't say we are consistent. That is why we do these episodes periodically.  If we've missed yours, don't hesitate to point it out to us in another message.   More info at HelpMeWithHIPAA.com/180

Certification Is Not What You Think - Ep 179

November 09, 2018 05:30 - 29 minutes - 41.2 MB

In the recent NIST OCR security conference, a panel member said the terms “HIPAA compliant” and “HIPAA certified” made her cringe.  We agree. The Anthem settlement has a lot of people asking about certifications for cybersecurity since Anthem was technically HITRUST Certified when the hacker first broke into their network.   Let’s talk certifications and what they really mean under HIPAA, shall we? More info at HelpMeWithHIPAA.com/179

Anthem Settlement Lessons - Ep 178

November 02, 2018 04:30 - 45 minutes - 63.1 MB

The 2015 Anthem data breach could have been a watershed moment for HIPAA privacy and security in many ways. It remains to be seen if the settlement with OCR turns out to be another one. Either way, the historic breach and historic settlement have many lessons for us to learn. Let's discuss Anthem settlement lessons today. More info at HelpMeWithHIPAA.com/178

5 Horror Movie Quotes - Ep 177

October 26, 2018 04:30 - 37 minutes - 51.2 MB

Time for the annual Halloween episode!  5 horror movie quotes are this year’s theme.  We have 5 horror movie quotes that are matched up to data breach stories. More info at HelpMeWithHIPAA.com/177

We are #CyberAware - Ep 176

October 19, 2018 04:30 - 50 minutes - 69.7 MB

We are #CyberAware is the tag for the National Cybersecurity Awareness Month campaign.  Each year this campaign is run by the National Cybersecurity Alliance. In 2018, Kardon, Security First IT,  and HMWH are all signed up to be champions and publish information for the campaign.  Today, we will review what these campaigns are about and how you can use these and more like them to augment your education program. More at HelpMeWithHIPAA.com/176
