Help Me With HIPAA
482 episodes - English - Latest episode: 14 days ago - ★★★★★ - 61 ratingsIn today's environment of data breaches, identity theft, fraud, and increasing connectivity, HIPAA Privacy and Security rules are a responsibility to your patients and your clients. HIPAA isn't about compliance, it's about patient care.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
6 takeaways from the filming settlements - 175
October 12, 2018 09:00 - 43 minutes - 59.2 MBWhat should we learn from the recent OCR settlement? This time it was three settlements in one that related to a fourth. There is more here than the headline-grabbing dollar amounts. These settlements are the best specific guidance you can get from OCR. As always, we do the analysis for you! For more info go to HelpMeWithHIPAA.com/175
3 stories techs should hear - Ep 174
October 05, 2018 18:24 - 47 minutes - 64.8 MBOften tech folks will say that they understand HIPAA. What that really means is that they understand the technical requirements of HIPAA. The overconfidence sometimes works against them. Today we cover 3 stories tech should hear. It is important that they learn there is more than just their tech knowledge.
CIS 20 and HIPAA - Ep 173
September 28, 2018 04:30 - 40 minutes - 55.2 MBCIS 20 or SANS 20 is the name to reference a list of security controls that are intended to be used in the absence of any framework like NIST or HIPAA requirements. If you are trying to get the most bang for your buck and you know you are way behind on your security program CIS 20 may be the thing for you. For more info go to HelpMeWithHIPAA.com/173
How much does trust matter in healthcare? - EP 172
September 21, 2018 04:30 - 44 minutes - 61.1 MBHave you seen the report about consumer online digital trust and what it means to all businesses? The report is The Global State of Online Digital Trust A Frost & Sullivan White Paper which was commissioned by ca technologies and published in July 2018. This survey study was done to compare perceptions about consumer trusts that executives and security professionals have vs the actual consumer trust findings when surveying consumers. Would you believe there is a disconnect across the thr...
Snooping is a serious problem - Ep 171
September 14, 2018 04:30 - 38 minutes - 53.1 MBI can tell you from experience snooping is a serious problem that haunts all entities with health information to protect. Even if you don’t know it is haunting you, it is. You will learn to fear it eventually. The extent of improper record access goes well beyond what most people imagine. The image of a healthcare professional keeping patient information confidential is something we all assume is happening. In the real world, most workers know someone who has improperly accessed records if...
Securing home networks - Ep 170
September 07, 2018 04:30 - 35 minutes - 49.4 MBSecuring home networks matters more now than ever before. We are a very connected society. That creates great opportunities and new challenges every day. Especially, for those tasked with securing all that connectivity. One opportunity that gets a lot of people talking is teleworking, telecommuting, working remotely, or working from home (WFH) - all seem to mean the same thing to most people. Our whole company is built on the ability of our systems to be secured and also be able to connec...
Crisis Communications Plans - Ep 169
August 31, 2018 04:30 - 43 minutes - 59.4 MBWe live in a world of instant communications. During a crisis, our normal standards of communications can be very limited. How many different issues have you addressed for communications in a crisis in your plans? We mention the business continuity and disaster recovery plans that everyone should have often in episodes. This is just one element of the plan that can make or break the business in a crisis. If you can’t communicate effectively with each other the chance of you being able to...
Are hacktivists on your SRA? - Ep 168
August 24, 2018 04:30 - 30 minutes - 42.4 MBIt may not occur to many of you that a hacktivist should be on your security risk analysis (SRA). They must be on there in this digital age. You never know what could trigger a hacktivist to focus on your business and put you under attack. Why you may ask - well we will discuss that now. For more text go to KardonHQ.com/168
BEC-EAC the latest threat to your business - Ep 167
August 17, 2018 04:30 - 45 minutes - 62.7 MBThe FBI released an alert on July 12 titled Business E-mail Compromise E-mail Account Compromise The 12 Billion Dollar Scam that should be on your radar. BEC-EAC stands for Business Email Compromise - Email Account Compromise. If you haven’t learned about this particular threat it is important that you review it and assess the risk it brings to your company. That’s why we review these increasing threats and what you need to do about them in this episode. For more go to HelpMeWithHIPAA.c...
3 reports from IT that you need - Ep 166
August 10, 2018 04:30 - 42 minutes - 58.6 MBWe often get questions from both the tech staff and security officers about what should be documented regularly and why it should be done. There are 3 reports you need to get from your tech team on a regular basis IMHO. Today, we will discuss those three reports, why you need them and what to do with them. More at HelpMeWithHIPAA.com/166
Does size really matter? - Ep 165
August 03, 2018 04:30 - 45 minutes - 62.9 MBOne of the discussions you must always be prepared to have is that size does not matter when it comes to privacy and security issues. Does size matter? Not as much as most people think and not in the ways that most people think either. More at https://HelpMeWithHIPAA.com/165
How to save money in a data breach - Ep 164
July 27, 2018 04:30 - 37 minutes - 51.8 MBWant to know how to save money in a data breach? You have to have a plan before you have the data breach to keep you from making costly mistakes. Everyone knows a data breach can be expensive but there are studies that show us what makes them more expensive and what helps you save money. The annual Ponemon cost of a data breach study has been published. IBM sponsors the study each year and it is one of the best tools for us to prepare for the cost of a data breach. If you have any valuab...
Do you know where your logs are? - Ep 163
July 20, 2018 04:30 - 41 minutes - 57.1 MBOur most downloaded episode Is from way back in May of 2016. HIPAA Access Logs Audits was our 54th episode. It is hard to believe it was that long ago! Today we are doing a deeper dive into how many layers exist when it comes to access logs to see if you have thought of all of them. Which of the logs really matter and what do you do with them? For more go to HelpMeWithHIPAA.com/163
Messaging Failures Times 3 - Ep 162
July 13, 2018 04:30 - 42 minutes - 58.4 MBWe all live in a world that revolves around communication tools today. Messaging failures are often the reason privacy breaches occur. In fact, we have 3 to share with you today. Messaging failures can occur in ways you never dreamed of until it happens to someone you know - not you, of course. Today’s episode covers 4 different stories about messaging failures. For more go to HelpMeWithHIPAA.com/162
MD Anderson Loses OCR Challenge - Ep 161
July 06, 2018 05:00 - 49 minutes - 68.4 MBOCR continues setting examples with the recent announcement of the $4,348,000 civil money penalty (CMP) that they imposed on MD Anderson. A review of the details shows us once again that the enforcement of HIPAA obligations is not something they decide to do in a willy-nilly way. It is specific and designed to set examples of what is expected. Most headlines are about that $4.3 million in penalties but to us, that is not what is the most interesting and important thing to note in this case...
Managing Medical Devices - 4 steps plus a bonus - Ep 160
June 29, 2018 05:00 - 40 minutes - 55.9 MBMedical device inventory is a challenge for most organizations. Just as with computers and mobile devices, though, you can’t understand your risks and security requirements if you don’t know what you have out there. A medical device treasure hunt is what it turns out to be when you make a dedicated effort to find them all in your organization. How do you find them all and how do you worry about protecting them all? More information at HelpMeWithHIPAA.com/160
OCR Investigations - What do they ask - Ep 159
June 22, 2018 05:00 - 47 minutes - 65.4 MBIt happens out of the blue. You get a letter that tells you that there has been a complaint filed and an investigation has been opened by OCR. That may not be the best day of your life. Just the thought of opening one of those letters can make some people feel queasy. If you have ever experienced that moment you don’t have it high on your lists of things to do again. Let’s review the kinds of things you may be asked to answer when under and investigation. For more go to HelpMeWithHIPAA....
Network Security Alerts For Everyone - Ep 158
June 15, 2018 05:00 - 44 minutes - 61 MBIn the past few weeks, the nerd news has been full of network security alerts and discussions about issues potentially lurking on every network, especially smaller ones. These are not the things we normally worry about either. You usually think Windows, Office, Adobe, etc patches are the main alerts to worry about on your network. These are new alerts that could be in every network you use including home, public wifi, and work. Per usual, we are here to explain them as best we can - in Engl...
Cyber Experts Agree We Are Not Alone - Ep 157
June 08, 2018 05:00 - 49 minutes - 68.5 MBSecureworld Atlanta just finished up. Turns out cyber experts do agree about many of the same issues we discuss here. Two days of discussions amongst CISOs, ISOs, security techies, etc. about what to worry about and what to do for cyber protections. Yes, there was a lot of really nerdy discussions but the good news is the central themes do not require geek speak to share with you. Learn more at HelpMeWithHIPAA.com/157
What data do you protect? - Ep 156
June 01, 2018 05:00 - 37 minutes - 50.8 MBHave you considered that there are other valuable information assets to protect than just PHI? Most healthcare privacy and security programs only focus on PHI and HIPAA requirements. If you are already doing the work why not include all of your valuable information assets. It is time to ask yourself what data should we protect? For more go to HelpMeWithHIPAA.com/156
Digital Spring Cleaning - Ep 155
May 25, 2018 04:30 - 51 minutes - 71.1 MBThis time of year many of us think about cleaning out closets and switching seasons. By clearing out your digital clutter you can double check the security of your devices and reduce your attack surface at the same time. Plus, it is way easier than cleaning out the old hall closet that may have monsters lurking in the back of it. Make the time to clean your digital clutter at least once or twice a year and you will feel better for it. Why not do digital spring cleaning, too? For more g...
Risk OR Gap Analysis THAT Is The Question - Ep 154
May 18, 2018 04:30 - 46 minutes - 64.4 MBThere is a frequent issue with people understanding what a Security Risk Analysis includes. In fact, there is so much confusion we often see documents presented as a risk analysis that is actually a gap analysis. It happens so often that OCR is trying to address it in their April newsletter. We are going to take a stab at explaining what gap analysis reports look like vs what a security risk analysis report really includes when done properly. For more information: HelpMeWithHIPAA.com/154
5 HIPAA Cybersecurity Laws - Ep 153
May 11, 2018 05:00 - 48 minutes - 66.8 MBBack in January, I read an article in Forbes titled: The Five Laws Of Cybersecurity. When reading it I realized that it was a great message to our listeners but it needed a HIPAA flavor added it to it. This episode we add our thoughts to his article and turn it into 5 Laws of HIPAA Cybersecurity. For more details HelpMeWithHIPAA.com/153
Don't accept candy from strangers - Ep 152
May 04, 2018 04:30 - 42 minutes - 58.5 MBMore news on the insider front makes it necessary to point out, again, how susceptible healthcare is to insider failures. HelpMeWithHIPAA.com/152
Physicians and Security Officers - Ep 151
April 27, 2018 04:30 - 47 minutes - 65.9 MBThe American Medical Association (AMA) did a survey of physicians and their thoughts about privacy and security practices. It was interesting to hear their responses. Also, when a group of Security Officers gets together for a chat some people glaze over. For nerds like us, it is an exciting discussion. Today we are going to discuss the Security Officer panel topics and the AMA report presentation from the National HIPAA Summit. HelpMeWithHIPAA.com/151
Ready for extreme vendor vetting? - Ep 150
April 20, 2018 04:30 - 45 minutes - 62.4 MBAre you ready for extreme vendor vetting? Many vendors have been pushing back against any covered entity or business associate that asked them to answer questions about their privacy and security programs. They believe signing a business associate agreement (BAA) meets the legal requirements and that is all they must do. Well, the times they are a changing - again. There are many different factors making it necessary to ask these type questions and not just accept a BAA as reasonable assura...
National HIPAA Summit News - Ep 149
April 13, 2018 05:30 - 39 minutes - 54.7 MBThe National HIPAA Summit always features some interesting news from OCR concerning guidance, enforcement, and audits. This year was no different. In this episode, we discuss the highlights as we interpreted them anyway. More at HelpMeWithHIPAA.com/149
Cyberscary Trends - Ep 148
April 06, 2018 04:30 - 47 minutes - 64.7 MBCybersecurity trends sound scary when you hear us talk about some of this stuff. Cyberscary is actually what we decided to call it. The good news is we do talk about other things sometimes. There are two reports that came out in recent weeks have gotten my attention and just have to be discussed with you guys. More info at HelpMeWithHIPAA.com/148
Cybersecurity And The Law - Ep 147
March 30, 2018 04:30 - 55 minutes - 76.7 MBCybersecurity legal requirements keep changing at the state, federal, and international level. Most of the changes are just trying to keep up with the constantly changing landscape of threats in cyberspace. Today we call in an expert, Mitzi Hill, to talk to us about those cybersecurity legal requirements. How those changes may impact your business and your privacy and security program is certainly something we don’t want to lose track of in the mix. More information at HelpMeWithHIPAA.co...
6 Listener Questions - Ep 146
March 23, 2018 05:00 - 48 minutes - 110 MBWe get questions from listeners on a pretty regular basis. When they come in from an email we do our best to reply with an answer. Sometimes they get backed up for us to get them on the show, however. Today we are covering some of those, in fact, we are covering 6 listener questions. HelpMeWithHIPAA.com/146
Uber Health HIPAA - Ep 145
March 16, 2018 04:30 - 33 minutes - 45.8 MBNews abounds about Uber and other ride-sharing services taking people to their doctor appointments. They say they have it covered and Uber Health HIPAA compliance is solid. Today we look at what they are saying about HIPAA here and what that means to us. More info at HelpMeWithHIPAA.com/145
Does healthcare suck at cybersecurity? - Ep 144
March 09, 2018 05:30 - 34 minutes - 47 MBIf cybercrime truly is the number one problem with mankind and healthcare is the number one cyber attacked industry is it because healthcare sucks at cybersecurity? For more info HelpMeWithHIPAA.com/144
Cyber issues around every corner - Ep 143
March 02, 2018 06:00 - 43 minutes - 59.1 MBIf it seems like cyber issues are around every corner these days, you aren’t imagining things. In episode 128 way back in November 2017, we discussed the fact that we thought there were signs of a coming cyber storm. Today we look at what is going on and see if we may actually be in the midst of that storm or is it still building. For more: HelpMeWithHIPAA.com/143
Do I Need A Lawyer? - Ep 142
February 23, 2018 06:30 - 37 minutes - 52.1 MBInformation privacy and security requirements in various laws are coming up in legal cases more often these days. Part of that is because we have more of those type laws. Although HIPAA has been in effect for over a decade, I don’t recall seeing it used in lawsuits and legal cases as frequently as I do now. Maybe I am just paying more attention but there are certainly plenty of cases in the courts today. Most are civil cases but some are even criminal cases. After hearing these you will ...
5 Breaches Equals 1 Big Settlement - Ep 141
February 16, 2018 05:30 - 48 minutes - 66.1 MBAs expected, OCR has continued to announce enforcement actions in 2018. This one is a bit different than any previous resolution in that there are 5 different cases across multiple locations in a single organization. It is also important to note that all 5 of these issues data back to 2012. Almost 6 years since the first one occurred, we have the resolution agreement. HelpMeWithHIPAA.com/141
HIPAA Made Easy? - Ep 140
February 09, 2018 05:30 - 51 minutes - 70.3 MBHIPAA made easy is a topic we have discussed many times before but today we are going to cover it specifically. So often we get requests for the “easiest way” to do HIPAA. This isn’t something to check off a list and have it done. It is something that you do every day as part of your business. The idea that you can make HIPAA easy is similar to saying that doing all of your accounting and taxes for your business is easy. Maybe if there is one person to pay and that is you but handling your...
6 Cybersecurity Lessons In The News - Ep 139
February 02, 2018 06:30 - 43 minutes - 60.1 MBCybersecurity is in the news a lot lately. Particularly a lot of news just since the beginning of the year. As usual, we review all the news looking for important things to share with our clients and listeners. There are just so many different stories to choose from this week, we decided to cover several of them in one episode. So, here are 6 cybersecurity lessons in the news. Some of them may be things you saw before but all of them were worth discussing what we should be aware of and lea...
Cybersecurity Outside The Office - Ep 138
January 26, 2018 06:30 - 48 minutes - 66.7 MBIn December, the OCR newsletter was titled Cybersecurity While on Holiday. First, how very British of them! Second, is it just when on holiday? The same rules apply anytime you are on the road with technology and access to the internet. We see this as something you should review no matter when you plan to access information outside the office. While some think the corner coffee shop is a great work space others work in hotels and conference rooms all over town without being on holiday a...
OCR Ends 2017 With A Bang - Ep 137
January 19, 2018 06:30 - 44 minutes - 102 MBAt the beginning of 2017 OCR announced several settlements. Then, the settlement announcements stopped in May as their were leadership changes that continue to happen. In fact, the only reason this announcement seemed to come out was because it was included in a bankruptcy court filing earlier this month. For more go to HelpMeWithHIPAA.com/137
Meltdown - Patch Baby Patch - Ep 136
January 12, 2018 06:30 - 35 minutes - 48.5 MBUnless you never listen to nerd-speak you have to have heard the discussion about Meltdown and Spectre over the last few weeks. It is a perfect time to talk about what patch management really means in your cybersecurity protections. We try our best to discuss it with less geek speak and more English. For more info HelpMeWithHIPAA.com/136
7 Educated Guesses About 2018 - Ep 135
January 05, 2018 06:30 - 40 minutes - 55.4 MBHere we go for another year! It is amazing that this is the third new year we have covered on HMWH. There are so many things that have happened over that time and as we head into 2018, so many things to look into our crystal ball and make 7 educated guesses about 2018. We may not be predicting the future but we both have some opinions about what we see happening out there in the world of HIPAA, privacy, and cybersecurity in the coming months. Get more at HelpMeWithHIPAA.com/135
Pay Now Or Pay Even More Later - Ep 134
December 29, 2017 06:30 - 46 minutes - 63.6 MBIs HIPAA compliance expensive? Or, is it short-sighted to only worry about what HIPAA compliance costs? A new report from Ponemon Institute, The True Cost of Compliance with Data Protection Regulations, looks at compliance costs across several industries and multinational organizations. The study has a lot of details as we always expect from Ponemon Institute. Read more at HelpMeWithHIPAA.com/134
2017 Blooper Episode - Happy Holidays
December 22, 2017 06:30 - 13 minutes - 18.5 MBEach year Bojan Sabioncello, our audio engineer in Split, Croatia, puts together his blooper roll to mock us. Granted, he spends the whole year having to listen to us without a chance to respond until now. This his only chance to respond to a year’s worth of our comments and screw-ups. We will be back next week with a new episode. Happy Holidays from the whole Help Me With HIPAA team!
Cybersecurity Naughty List 2017 - Ep 133
December 15, 2017 10:00 - 36 minutes - 50.5 MBAs 2017 comes to a close, we are making our lists and checking them twice. Time to find out who we thought was more naughty than nice this year. The Naughty List 2017 discussion includes everything from big news data breaches such as Equifax and Uber down to stolen hard drives and password issues. Feel free to add your naughty list nominations in the comments. More info at HelpMeWithHIPAA.com/133
Five Phishing Findings From Google - Ep 132
December 08, 2017 05:30 - 51 minutes - 70.9 MBA new report on phishing was recently released titled: Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials. The report of findings from a study that was done by Google, University of California, Berkeley, and the International Computer Science Institute. It was a year-long study of account hijacking, stolen credentials, phishing and malware attacks. The findings are clear that phishing is a problem in ways we may not have thought before now. In the study, th...
SOC2 certification is not HIPAA compliance - Ep 131
December 01, 2017 05:30 - 47 minutes - 65.5 MBRecently, we have dealt with our clients struggling with vendors in the vetting process. Particularly, tech vendors of any sort. Many vendors have written off the HIPAA compliance requirements by simply saying “We are SOC2 compliant so you don’t have to worry about anything”. Often that is said by sales and management folks with a great deal of confidence. After spending some time at a recent HITRUST meeting I heard just how many people shouldn’t be so confident when making that statement. A...
Black Friday Replay 8 Common HIPAA Myths
November 24, 2017 05:30 - 46 minutes - 31.7 MBWe are enjoying the holiday with our families. But, we didn't want to miss a chance to share time with our listeners. Today we are replaying one of our favorite episodes 8 Common HIPAA Myths.
5 Things To Do Before Year’s End - Ep 130
November 17, 2017 05:30 - 44 minutes - 61.7 MBHard to believe another year is coming to an end. It is time to review 2017 and plan for 2018. That means it is time to make your list of 5 Things To Do Before Year’s End. Just in case you need some help with that list, we made one for you! HelpMeWithHIPAA.com/130
Text messaging is not secure by default - Ep 129
November 10, 2017 05:30 - 40 minutes - 55.3 MBText messaging is often the preferred method of communication for many people today. It does have great advantages with its simplicity, instant delivery, and convenience. However, I did not mention security on that list. Text messaging is not secure by default. Yes, you can secure it but that requires apps, platforms, and planning. The bottom line is the communication method most people call text messaging is not secured enough to send and receive PHI without patient authorization to us...
Is there a cyber storm brewing? Ep 128
November 03, 2017 04:30 - 51 minutes - 70.7 MBLately, there have been a lot of articles in the "nerd news" services about various problems and vulnerabilities looming on the horizon or happening right now. Usually, there are one or two in a normal week or so that really get our attention. The last few weeks though it seems a bit different. Maybe it is just noise or paranoia created to drive traffic to sites. But, sometimes it becomes overwhelming enough to take time to step back and look at the details as a whole and determine what ...